HCCA - CHPC Study Revised Questions and Answers / Sure A+ (MASTER FLASHCARDS)

1. What are the required core elements of a VALID Authorization. Ref. 45 CFR 164.508(b) - 1. Description 2. Purpose use/disclosure 3. Recipient 4. Authorized person making the disclosure 5. Expiration date 6. Signature/dates 38 U.S.C. 7332 deals with confidentially of patient medical record information related to: a. drug abuse, sexually transmitted diseases, and tuberculosis b. HIV/AIDS status c. drug abuse, alcoholism, infection with the HIV virus, and sickle cell anemia d. mental illness, HIV status, drug and alcohol abuse - c. drug abuse, alcoholism, infection with the HIV virus, and sickle cell anemia 45 CFR 164 - Subpart C outlines the three safeguards to ensure the _____, ____, ____ of ePHI that both, CE and BA must implement to ensure compliance and protect against anticipated threats, and/or reasonably anticipated uses/disclosures (incidental/inadvertent/unintentional) - Confidentiality, integrity, availability Note: Accidental - must be reported. An accidental HIPAA violation refers to the unauthorized disclosure of PHI (protected health information) without intent. Despite having safeguards and protective measures in place, there is still a possibility of breaching HIPAA regulations. These types of violations could include an employee accidentally seeing a different patient's medical records, an email being sent to the wrong person or the loss or theft of a personal device that contains PHI. A clinic has patient data that an independent researcher would like to access. The researcher only needs de-identified information, but the clinic does not have the resources to strip the patients identifiers from the data being requested. The researcher does have the resources and offers toremove the identifiers before beginning the research. A privacy official should inform that it can provide the PHI to the researcher if the clinic: a. notifies each patient whose information is disclosed b. modifies the hospital's NPP c. requires the researcher to obtain waiver of authorization d. has the researcher show proof of privacy training - c. requires the researcher to obtain waiver of authorization