Why was HIPAA created? - correct answer ✔Balance between improving the
flow of information while protecting the privacy of patients.
What rights does a patient have as defined by HIPAA? - correct answer
✔Request access to health info.
Request to amend their health info.
Request restrictions to information sharing
Request accountability of disclosures.
What are the things that HIPAA requires? - correct answer ✔Treat all things
we learn about patients as confidential
Provide more control to patients over their personal health information
Punish those who misuse patient information by imposing criminal & civil
What does the privacy rule do? - correct answer ✔Governs who has access
to protected health information (PHI).
What does the security rule do? - correct answer ✔Specifies a series of
administrative, technical and physical security procedures to assure the
confidentiality, integrity and availability of ePHI.
What are examples of administrative HIPAA safeguards? - correct answer
✔Must adopt a written set of privacy procedures
Designate a Privacy Officer - Dr Sheppard
Implement all required policies and procedures
Policies must reference management oversight and organization buy-in to
compliance with the documented security controls.
Contingency plan for responding to emergencies
Backing up data
Disaster recovery procedures in place
Internal audits, routine and event based
Policies and procedures for scope and frequency of audit
Instructions for addressing and responding to security breaches that are
identifiable during audit or in normal course of business
What are examples of physical HIPAA safeguards? - correct answer
✔Controlling physical access to protect against inappropriate access to
protected data
Introduction and removal of hardware and software from the network
When equipment is retired, it must be disposed of properly to ensure that PHI is
not compromised
Access to equipment containing PHI should be carefully controlled and
monitored
Access to hardware and software must be limited to properly authorized
individuals
Required access controls consist of facility security plans, maintenance
records, and visitor sign-in and escorts.
Monitor screens should not be in direct view of the public
Contractors or agents must be fully trained on their physical access
responsibilities
What are examples of technical HIPAA safeguards? - correct answer
✔Encryption software executes an algorithm that is designed to encrypt