Health Insurance Portability and Accountability Act (HIPAA)


Article Author:
Peter Edemekong


Article Editor:
Micelle Haydel


Editors In Chief:
Bette Bogdan
Lori Kerley
Robin Geiger


Managing Editors:
Frank Smeeks
Scott Dulebohn
Erin Hughes
Pritesh Sheth
Mark Pellegrini
James Hughes
Richard Ciresi
Phillip Hynes


Updated:
10/27/2018 12:31:37 PM

Introduction

The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Kennedy–Kassebaum Act, or Kassebaum–Kennedy Act) consists of 5 Titles.

  • Title I: Protects health insurance coverage for workers and their families who change or lose their jobs. It limits new health plans' ability to deny coverage due to a pre-existing condition.
  • Title II: Prevents Health Care Fraud and Abuse; Medical Liability Reform; Administrative Simplification that requires the establishment of national standards for electronic health care transactions and national identifiers for providers, employers, and health insurance plans.
  • Title III: Guidelines for pre-tax medical spending accounts. It provides changes to health insurance law and deductions for medical insurance.
  • Title IV: Guidelines for group health plans. It provides modifications for health coverage.
  • Title V: Governs company-owned life insurance policies. Makes provisions for treating people without United States citizenship and repeals the financial institution rule to interest allocation rules.

Questions To Consider

Why was the Health Insurance Portability and Accountability Act (HIPAA) established?

  • The focus of the statute is to create confidentiality systems within and beyond healthcare facilities.
  • The goal is to keep protected health information private.

Whom does HIPAA cover?

  • All persons working in a healthcare facility or private office
  • Students
  • Non-patient care employees
  • Health plans (e.g., insurance companies)
  • Billing companies
  • Electronic medical record companies

What are basic HIPAA goals?

  • To limit the use of protected health information to those with a “need to know.”
  • To penalize those who do not comply with confidentiality regulations.

What health information is protected?

  • Any health care information with an identifier that links a specific patient to healthcare information (name, social security number, telephone number, email address, street address, among others)

What is the difference between HIPAA privacy rules, use, and disclosure of information?

  • Use: How information is used within a healthcare facility
  • Disclosure: How information is shared outside a health care facility
  • Privacy rules: Patients must give signed consent for the use of their personal information or disclosure

What are the legal exceptions when health care professionals can breach confidentiality without permission?

  • Gunshot wound
  • Stab wound
  • Injuries sustained in a crime
  • Child/Elderly abuse
  • Infectious, communicable or reportable diseases

What types of data does HIPAA protect?

  • Written, paper, spoken, or electronic data
  • Transmission of data within and outside a health care facility
  • Applies to anyone or any institution involved with the use of healthcare-related data
  • Data size does not matter

What types of electronic devices must facility security systems protect?

  • Both hardware and software
  • Unauthorized access to health care data or devices such as a user attempting to change passwords at defined intervals

What is the job of a HIPAA security officer?

  • IT background
  • Document and maintain security policies and procedures
  • Audit the systems
  • Risk assessments and compliance with policies/procedures

What does a security risk assessment entail?

  • Should be undertaken at all healthcare facilities
  • Assess risk of virus infection and hackers
  • Create safeguards against risks

What are physical safeguards?

  • Secure printers, fax machines, and computers
  • Locks on computer and record rooms
  • Destroy sensitive information

What type of employee training for HIPAA is necessary?

  • Ideally under the supervision of the security officer
  • Level of access increases with responsibility
  • Annual HIPAA training with updates mandatory for all employees

What type of reminder policies should be in place?

  • E-mail alert, posters
  • Log-on, log-off computer notices

How should a sanctions policy for HIPAA violations be written?

  • Clear, non-ambiguous plain English policy
  • Apply equally to all employees and contractors
  • Sale of information results in termination
  • Repeat offense increases the punishment

What discussions regarding patient information may be conducted in public locations?

  • None
  • Conversational information is covered by confidentiality/HIPAA
  • Do not talk about patients or protected health information in public locations

How do you protect electronic information?

  • Point computer screens away from public
  • Use privacy sliding doors at the reception desk
  • Never leave protected health information unattended
  • Log off workstations when leaving an area

How do you ensure password protection?

  • Do not share the password
  • Do not write down the password
  • Do not verbalize the password
  • Do not email your password

How do you select a safe password?

  • Do not select consecutive digits
  • Do not select information that can be easily guessed
  • Choose something that can be remembered but not guessed

Function

What is the function of HIPAA?

In passing HIPAA, Congress required the establishment of Federal standards for the security of electronic protected health information. These standards ensure the confidentiality, integrity, and availability of an individual's health information while still granting access to health care providers, clearinghouses, and health plans for continued medical care.

  • Standards for security were needed because of the growth in exchange of protected health information between covered entities and non-covered entities. These standards guarantee availability, integrity, and confidentiality of e-PHI. Also, State laws with strict guidelines apply and overrule Federal security guidelines.
  • The standards mandated in the Federal Security Rule protect an individual's health information while permitting appropriate access to that information by health care providers, clearinghouses, and health insurance plans. The Security Rule establishes Federal standards to ensure the availability, confidentiality, and integrity of electronic protected health information. Also, state laws provide more stringent standards that apply over and above Federal security standards.
  • Health care providers, health plans, and business associates have a strong tradition of safeguarding private health information. However, in today’s world, the old system of paper records locked in cabinets is not enough anymore. With information broadly held and transmitted electronically, the rule provides clear national standards for the protection of electronic health information.

Issues of Concern

The act has 5 sections, known as titles.

Title I: Focus on Health Care Access, Portability, and Renewability

  • Regulates the availability of group and individual health insurance policies: Title I modified the Employee Retirement Income Security Act along with the Public Health Service Act and the Internal Revenue Code.
  • Requires the coverage of and limits the restrictions that a group health plan places on benefits for preexisting conditions. Group health coverage may only refuse benefits that relate to preexisting conditions for 12 months after enrollment or 18 months for late enrollment.
  • Enables individuals to limit the exclusion period taking into account how long they were covered before enrolling in the new plan after any periods of a break in coverage.
  • Covers "creditable coverage" which includes nearly all group and individual health plans, Medicare, and Medicaid.
  • Explains a "significant break" as any 63-day period that an individual goes without creditable coverage. It allows premiums to be tied to avoiding tobacco use, or body mass index.
  • Requires insurers to issue policies without exclusion to those leaving group health plans with creditable coverage exceeding 18 months, and renew individual policies for as long as they are offered or provide alternatives to discontinued plans for as long as the insurer stays in the market without exclusion regardless of health condition.

Title II: Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform

  • Establishes policies and procedures for maintaining privacy and security of individually identifiable health information, outlines offenses, and creates civil and criminal penalties for violations.
  • Creates programs to control fraud and abuse and Administrative Simplification rules.
  • Requires the Department of Health and Human Services (HHS) to increase the efficiency of the health care system by creating standards.

HHS initiated 5 rules to enforce Administrative Simplification: (1) Privacy Rule, (2) Transactions and Code Sets Rule, (3) Security Rule, (4) Unique Identifiers Rule, and (5) Enforcement Rule.

Privacy rule

The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities." These entities include health care clearinghouses, health insurers, employer-sponsored health plans, and medical providers. Upon request, covered entities must disclose PHI to an individual within 30 days. Entities mentioned earlier must provide and disclose PHI as required by law enforcement for the investigation of suspected child abuse.

  • Covered entities may disclose PHI to law enforcement if requested to do so by court orders, court-ordered warrants, subpoenas, and administrative requests.
  • A covered entity may reveal PHI to facilitate treatment, payment, or health care operations without a patient's written authorization.
  • Any other disclosures of PHI require the covered entity to obtain prior written authorization.
  • When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information.
  • The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI and make reasonable steps to ensure the confidentiality of communications with individuals.
  • The Privacy Rule requires covered entities to notify individuals of PHI use, keep track of disclosures, and document privacy policies and procedures.

2013 Omnibus Rule Update

  • The revised definition of "significant harm" to an individual in the analysis of a breach provides more investigation to covered entities with the intent of disclosing breaches that were previously not reported.
  • Protection of PHI was changed from indefinite to 50 years after death.
  • The HIPAA Privacy rule may be waived during a natural disaster.

Right to access

The Privacy Rule requires medical providers to give individuals PHI access when an individual requests information in writing. A provider has 30 days to provide a copy of the information to the individual. An individual may request the information in electronic form or hard-copy.

  • Individuals have the right to access all health-related information (except psychotherapy notes of a provider, and information gathered by a provider to defend against a lawsuit).
  • Providers may charge a reasonable amount for copying costs. However, no charge is allowable when providing data electronically from a certified electronic health record (EHR) using the "view, download, and transfer" feature.
  • An individual may authorize delivery of information using either encrypted or un-encrypted email, media, direct messaging, or other methods. When using un-encrypted delivery, an individual must understand and accept the risks of data transfer.
  • An individual may request in writing that their PHI be delivered to a third party.
  • An individual may request in writing that their provider send PHI to a designated service used to collect or manage their records, such as a Personal Health Record application.

Relative disclosure

Hospitals may not reveal information over the phone to relatives of admitted patients.

  • This has impeded the location of missing persons. As seen after airline crashes, hospitals are reluctant to disclose the identities of passengers being treated, making it difficult for relatives to locate them.

Transactions and Code Sets Rule

HIPAA was created to improve health care system efficiency by standardizing health care transactions. HIPAA added a new Part C titled "Administrative Simplification" that simplifies healthcare transactions by requiring health plans to standardize health care transactions.

  • For example, medical providers who file for reimbursements electronically have to file their electronic claims using HIPAA standards to be paid.

Security Rule

The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information, the Security Rule is limited to Electronic Protected Health Information. It lays out 3 types of security safeguards: administrative, physical, and technical.

Administrative safeguards

Policies and procedures designed to show clearly how the entity will comply with the act.

  • Covered entities must adopt a written set of privacy procedures and designate a privacy officer for developing and implementing required policies and procedures.
  • Procedures must identify classes of employees who have access to electronic protected health information and restrict it to only those employees who need it to complete their job function.
  • The procedures must address access authorization, establishment, modification, and termination.
  • Entities must show appropriate ongoing training for handling PHI.
  • Covered entities must back up their data and have disaster recovery procedures.
  • Internal audits are required to review operations with the goal of identifying security violations.
  • Procedures should document instructions for addressing and responding to security breaches.

Physical safeguards

  • Control physical access to protected data.
  • Control the introduction and removal of hardware and software from the network and make it limited to authorized individuals.
  • Access to equipment containing health information must be controlled and monitored.
  • Require proper workstation use, and keep monitor screens out of direct public view.
  • If the covered entities utilize contractors or agents, they too must be thoroughly trained on PHI.

Technical Safeguards

Technical safeguards include controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks.

  • Information systems housing PHI must be protected from intrusion.
  • Data within a system must not be changed or erased in an unauthorized manner.
  • Data corroboration, including the use of a checksum, double-keying, message authentication, and digital signature must be used to ensure data integrity and authenticate entities with which they communicate.
  • Entities must make documentation of their HIPAA practices available to the government.
  • Information technology documentation should include a written record of all configuration settings on the components of the network.
  • Documented risk analysis and risk management programs are required.
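The technical safeguards above list a checksum and message authentication side by side as integrity controls. The following added example (not part of the original article) shows where they differ: an unkeyed checksum catches accidental corruption, but anyone who changes a record can recompute it, whereas a keyed message authentication code cannot be recomputed without the key. The record, key, and function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import zlib

# Constructed demo values; a real key comes from a key management system
# and is stored separately from the data it protects.
KEY = b"constructed-demo-key-not-for-production"
RECORD = {"patient_id": "TEST-0001", "medication": "warfarin", "dose": "5 mg"}


def canonical(record: dict) -> bytes:
    """Serialize deterministically so both sides hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record: dict) -> int:
    """Unkeyed CRC-32: detects accidental changes only."""
    return zlib.crc32(canonical(record))


def mac(record: dict, key: bytes) -> str:
    """HMAC-SHA256: can only be produced by a holder of the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def seal(record: dict, key: bytes) -> dict:
    """Sender side: attach both integrity values to the record."""
    return {"record": record, "crc32": checksum(record), "hmac": mac(record, key)}


def check(envelope: dict, key: bytes) -> dict:
    """Receiver side: recompute both values and compare."""
    rec = envelope["record"]
    return {
        "crc32_ok": checksum(rec) == envelope["crc32"],
        # compare_digest avoids leaking match position through timing
        "hmac_ok": hmac.compare_digest(mac(rec, key), envelope["hmac"]),
    }


def scenario_intact() -> dict:
    """Record arrives unchanged."""
    return check(seal(RECORD, KEY), KEY)


def scenario_corrupted() -> dict:
    """A storage or transmission fault changes one character of the dose."""
    env = seal(RECORD, KEY)
    env["record"] = dict(RECORD, dose="9 mg")
    return check(env, KEY)


def scenario_rewritten() -> dict:
    """An unauthorized change where the checksum is recomputed to match.

    No key is needed to recompute a CRC, so the checksum still validates;
    the HMAC does not, because the party making the change lacks KEY.
    """
    env = seal(RECORD, KEY)
    altered = dict(RECORD, dose="9 mg")
    env["record"] = altered
    env["crc32"] = checksum(altered)
    return check(env, KEY)


if __name__ == "__main__":
    for name, fn in [("intact", scenario_intact),
                     ("corrupted", scenario_corrupted),
                     ("rewritten", scenario_rewritten)]:
        print(f"{name:10s} {fn()}")
```

A digital signature gives the same tamper detection without a shared secret, which matters when the verifying party should not be able to create valid records itself.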

Unique Identifiers Rule (National Provider Identifier, NPI)

HIPAA covered entities such as providers completing electronic transactions, healthcare clearinghouses, and large health plans must use only the National Provider Identifier (NPI) to identify covered healthcare providers in standard transactions.

The NPI replaces all other identifiers used by health plans, Medicare, Medicaid, and other government programs. The NPI does not replace a provider's DEA number, state license number, or tax identification number. The NPI is 10 digits (may be alphanumeric), with the last digit a checksum. The NPI cannot contain any embedded intelligence; the NPI is a number that does not itself have any additional meaning. The NPI is unique and national, never re-used, and except for institutions, a provider usually can have only one. An institution may obtain multiple NPIs for different "sub-parts" such as a free-standing surgery or wound care center.
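The check digit mentioned above lets a system reject mistyped NPIs before they enter a transaction. The following is an added example, not part of the original article. The article says only that the last digit is a checksum; the scheme used here (the Luhn algorithm applied to the nine identifier digits prefixed with 80840) is the published NPI check-digit method, and the code assumes the all-numeric form. The sample values are test numbers, not real providers.

```python
# Prefix prepended before the Luhn computation (assumption stated in the
# lead-in: this comes from the published NPI standard, not from the article).
NPI_PREFIX = "80840"


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk right to left; the rightmost payload digit is doubled,
    # then every second digit after it.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as adding the two digits of the product
        total += d
    return (10 - total % 10) % 10


def npi_check_digit(first_nine: str) -> int:
    """Check digit for the first nine digits of an NPI."""
    return luhn_check_digit(NPI_PREFIX + first_nine)


def is_valid_npi(value) -> bool:
    """True when value is a 10-digit string whose last digit is correct.

    A passing value is well-formed only; it may still not be an issued NPI.
    """
    if not isinstance(value, str):
        return False
    if len(value) != 10 or not (value.isascii() and value.isdigit()):
        return False
    return npi_check_digit(value[:9]) == int(value[9])


def reject_malformed(values):
    """Return the entries of values that fail the format or check digit."""
    return [v for v in values if not is_valid_npi(v)]


# Constructed inputs: one well-formed test value and typical keying errors.
SAMPLE_INPUT = [
    "1234567893",   # well-formed test value
    "1234567890",   # wrong last digit
    "1243567893",   # two adjacent digits swapped
    "123456789",    # too short
    "12345678 3",   # non-digit character
]

if __name__ == "__main__":
    for v in SAMPLE_INPUT:
        print(f"{v!r:14} valid={is_valid_npi(v)}")
```

The check catches single-digit errors and most adjacent transpositions; confirming that a well-formed NPI belongs to the claimed provider still requires a registry lookup.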

Enforcement Rule

  • The Enforcement Rule sets civil financial money penalties for violating HIPAA rules.
  • It establishes procedures for investigations and hearings for HIPAA violations.
  • The US Department of Health and Human Services has investigated over 20,000 cases resolved by requiring changes in privacy practice or by corrective action.
  • If noncompliance is determined, entities must apply corrective measures.
  • Complaints have been investigated against pharmacy chains, major health care centers, insurance groups, hospital chains, and small providers.

According to the HHS, the following issues have been reported according to frequency:

  1. Misuse and disclosures of PHI
  2. No protection in place for health information
  3. Patient unable to access their health information
  4. Using or disclosing more than the minimum necessary protected health information
  5. No safeguards of electronic protected health information

The most common entities required to take corrective action according to HHS are listed below by frequency:

  1. Private Practices
  2. Hospitals
  3. Outpatient Facilities
  4. Group insurance plans
  5. Pharmacies

Title III: Tax-related health provisions governing medical savings accounts

  • Standardizes the amount that may be saved per person in a pre-tax medical savings account.
  • Makes medical savings accounts available to employees covered under an employer-sponsored high deductible plan for a small employer and self-employed individuals.

Title IV: Application and enforcement of group health insurance requirements

Title IV specifies conditions for group health plans regarding coverage of persons with pre-existing conditions and modifies continuation of coverage requirements. It clarifies continuation coverage requirements and includes COBRA clarification.

Title V: Revenue offset governing tax deductions for employers

  • Provisions for company-owned life insurance for employers providing company-owned life insurance premiums, prohibiting the tax-deduction of interest on life insurance loans, company endowments, or contracts related to the company.
  • Repeals the financial institution rule to interest allocation rules.
  • Amends provisions of law relating to people who give up United States citizenship or permanent residence, expanding the expatriation tax to be assessed against those deemed to be giving up their US status for tax reasons.
  • Makes ex-citizens' names part of the public record through the creation of the Quarterly Publication of Individuals Who Have Chosen to Expatriate.

Clinical Significance

HIPAA Privacy and Security Rules have substantially changed the way medical institutions and health providers function. The complex legalities and severe civil and financial penalties, as well as the increase in paperwork and implementation costs, have substantially impacted health care. All health professionals must be trained in HIPAA and have an understanding of the potential pitfalls and acts that can lead to a violation.

Clinical Care Effects

HIPAA, combined with stiff penalties for violation, may result in medical centers and practices withholding life-saving information from those who may have a right to it and need it at a crucial moment. Through the HIPAA Privacy Rule, the US Government Accountability Office found that health care providers were "uncertain about their legal privacy responsibilities and often responded with an overly guarded approach to disclosing information." Ultimately, the solution is the education of all healthcare professionals and their support staff so that they have a full appreciation of when protected health information can be legally released.

Education and Training Effects

Education and training of healthcare providers and students are needed to implement HIPAA Privacy and Security Acts. Effective training and education must describe the regulatory background and purpose of HIPAA and provide a review of the principles and key provisions of the Privacy Rule.

Research Effects

HIPAA restrictions on research have affected the ability to perform chart-based retrospective research. This has made it challenging to evaluate patients prospectively for follow-up.

  • HIPAA Privacy rules have resulted in as much as a 95% drop in follow-up surveys completed by patients being followed long-term.
  • Recruitment of patients for cancer studies has led to more than 70% decrease in patient accrual and a tripling of time spent recruiting patients and mean recruitment costs.
  • Significant legal language required for research studies is now extensive due to the need to protect participants' health information. While such information is important, a lengthy legalistic section may make these complex documents less user-friendly for those who are asked to read and sign them.

Many researchers believe that the HIPAA privacy laws have a negative impact on the cost and quality of medical research.

Costs

HIPAA Privacy and Security Acts require all medical centers and medical practices to get into and stay in compliance. The costs of developing and revamping systems and practices and an increase in paperwork and staff education time have impacted the finances of medical centers and practices at a time when insurance companies and Medicare reimbursements have decreased. Ultimately, the cost of violating the statutes is so substantial, that scarce resources must be devoted to making sure an institution is compliant, and its employees understand the statutory rules.

Conclusions

HIPAA is a potential minefield of violations that almost any medical professional can commit. Staff with less education and understanding can easily violate these rules during the normal course of work. While a small percentage of criminal violations involve personal gain or nosy behavior, most violations are momentary lapses that result in costly mistakes. Writing an incorrect address, phone number, email, or text on a form or expressing protected information aloud can jeopardize a practice. HIPAA education and training is crucial, as well as designing and maintaining systems that minimize human mistakes.

Other Issues

Violations of HIPAA

Civil

  • For an individual who unknowingly violates HIPAA: There is a $100 fine per violation, with an annual maximum of $25,000 for those who repeat the violation. There is also $50,000 per violation, and an annual maximum of $1.5 million.
  • For a violation that is due to reasonable cause and not due to willful neglect: There is a $1000 charge per violation, with an annual maximum of $100,000 for those who repeatedly violate. There is also a $50,000 penalty per violation and an annual maximum of $1.5 million.
  • For a HIPAA violation due to willful neglect, with the violation corrected within the required time period: There is a $10,000 penalty per violation, with an annual maximum of $250,000 for repeat violations. There is a $50,000 penalty per violation with an annual maximum of $1.5 million.
  • For a HIPAA violation due to willful neglect that is not corrected: There is a penalty of $50,000 per violation, an annual maximum of $1,000,000, $50,000 per violation, and an annual maximum of $1.5 million.

Criminal

  • For entities that are covered and specified individuals who obtain or disclose individually identifiable health information willfully and knowingly: The penalty is up to $50,000 and imprisonment up to 1 year.
  • For offenses committed under false pretenses, the penalty is up to $100,000 with imprisonment up to 5 years.
  • For offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain or malicious harm, the penalty is up to $250,000 with imprisonment up to 10 years.

The US Department of Health and Human Services Office for Civil Rights has received over 100,000 complaints of HIPAA violations, many resulting in civil and criminal prosecution.

Examples of HIPAA violations and breaches include:

  • Hospital staff disclosed HIV testing concerning a patient in the waiting room; staff were required to take regular HIPAA trainings, and computer monitors were repositioned.
  • Office manager accidentally faxed confidential medical records to an employer rather than a urologist's office, resulting in a stern warning letter and a mandate for regular HIPAA training for all employees.
  • Surgeon fired after illegally accessing personal records of celebrities, fined $2000 and 4 months in jail.
  • Private practice lost an unencrypted flash drive containing protected health information, fined $150,000 and required to install a corrective action plan.
  • Private physician license suspended for submitting patient bills to collection firms with CPT codes that revealed patient diagnosis.
  • Texas hospital employee received an 18-month jail term for wrongful disclosure of private patient medical information.
  • Walgreen's pharmacist violated HIPAA and shared confidential information concerning a customer who dated her husband, resulting in a $1.4 million HIPAA award.
  • Virginia employees fired for logging into medical files without legitimate medical need.
  • Employee fired for speaking out loud in the back office of a medical clinic after she revealed a pregnancy test result.
  • Sales executive fined $10,000 for filling out prior authorization forms and putting them directly in patient charts.
  • Six doctors and 13 employees were fired at UCLA for viewing Britney Spears' medical records when they had no legitimate reason to do so.
  • Cardiac monitor vendor fined $2.5 million when a laptop containing hundreds of patient medical records was stolen from a car.
  • Washington State Medical Center employee fired for improperly accessing over 600 confidential patient health records.
  • A hospital employee posted on Facebook concerning the death of a patient, stating she "should have worn her seatbelt."
  • Hospital fined $2.2 million for allowing an ABC film crew to film two patients without their consent.
  • Cardiology group fined $200,000 for posting surgical and clinical appointments on a public, internet-accessed calendar.
  • Tricare Management of Virginia exposed confidential data of nearly 5 million people.
  • Cignet Health of Maryland fined $4.3 million for ignoring patient requests to obtain copies of their own records and ignoring federal officials' inquiries.
  • Virginia physician prosecuted for sharing information with a patient's employer under false pretenses.

Interested in Participating?

We are looking for contributors to author, edit, and peer review our vast library of review articles and multiple choice questions. In as little as 2-3 hours you can make a significant contribution to your specialty. In return for a small amount of your time, you will receive free access to all content and you will be published as an author or editor in eBooks, apps, online CME/CE courses, and an online Learning Management System for students, teachers, and program directors that allows access to review materials in over 500 specialties.

Improve Content - Become an Author or Editor

This is an academic project designed to provide inexpensive peer-reviewed Apps, eBooks, and very soon an online CME/CE system to help students identify weaknesses and improve knowledge. We would like you to consider being an author or editor. Please click here to learn more. Thank you for you for your interest, the StatPearls Publishing Editorial Team.

Health Insurance Portability and Accountability Act (HIPAA) - Questions

Take a quiz of the questions on this article.

Take Quiz
What does the Health Insurance Portability and Accountability Act guarantee?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
The Health Insurance Portability and Accountability Act (HIPAA) requires providers to have written permission before disclosure of information. Which of the following would not be included in this law?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
Which of the following does not apply to the Security Rule of HIPAA regarding protected patient health information in electronic formats?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
Which of the following is the Privacy Rule that regulates how covered entities use and disclose certain individually identifiable health information?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
Which of the following is the legal term used for protected, individually-identifiable health information?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
Which of the following is Public Law 104-191?



Click Your Answer Below


Would you like to access teaching points and more information on this topic?

Improve Content - Become an Author or Editor and get free access to the entire database, free eBooks, as well as free CME/CE as it becomes available. If interested, please click on "Sign Up" to register.

Purchase- Want immediate access to questions, answers, and teaching points? They can be purchased above at Apps and eBooks.


Sign Up
Which of the following does not apply to the Health Insurance Portability and Accountability Act (HIPAA) Title II?



Which of the following protects the security and confidentiality of individually identifiable, protected health information?



Which of the following statements is true about the Health Insurance Portability and Accountability Act (HIPAA)?



Which of the following is false regarding the HIPAA-related term ACS?



What does "HIPAA" stand for?



Which of these is not a "covered entity" as defined by the Health Insurance Portability and Accountability Act (HIPAA) and the Department of Health and Human Services (HHS)?



Which of the following is not governed by the Health Insurance Portability and Accountability Act (HIPAA) regulations?



Which of the following is not a HIPAA violation?



Which of the following describes the acronym HIPAA?



Which of the following is not a provision of the Health Insurance Portability and Accountability Act (HIPAA)?



Which is included in HIPAA regulations?



When was the Health Insurance Portability and Accountability Act established?



When did the privacy component of HIPAA take effect?



A patient requests a return call to his cell phone. Which law requires the pharmacy to comply?



HIPAA regulations require a privacy procedure for a healthcare provider to include which of the following?



A pharmacy technician discusses the use of a drug with a patient in a waiting area with other people around and listening. What federal law was violated?



A nurse is working on the medical-surgical floor and sitting at the desk catching up on charting. A woman approaches the nurse's desk and states, "I am the neighbor of Mrs. Smith in room 227, and I am a retired nurse." She then asks, "Can you tell me the results of her blood work and biopsy?" How should the nurse respond? Select all that apply.




