- What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act of 1996. The Act was developed by Congress to protect the confidentiality of a person's medical information. It sets boundaries on the use and release of health records and establishes safeguards to protect the privacy of health information.
- When does HIPAA go into effect?
The HIPAA Privacy Rule has a compliance deadline of April 14, 2003.
- Does HIPAA only protect patient information in electronic format?
No, HIPAA protects all patient information whether it is written or electronic.
- What is the difference between privacy and security of patient information?
Security is the ability to control access and protect information from accidental or intentional disclosures to unauthorized persons. It is done through the use of technical controls.
Privacy is the controlling of who is authorized to access patient information and under what circumstances patient information may be accessed, used, and/or disclosed to third parties. Privacy is controlled through policies and procedures.
- Does HIPAA protect oral communication?
Yes. HIPAA requires that appropriate safeguards be taken when oral communication with third parties occurs, and when conversations take place in open-access areas.
- Is all patient information protected?
With a couple of exceptions, protected health information (PHI) includes all individually identifiable health information that is transmitted or maintained in any form or medium. This includes demographic information that ties the identity of the individual to his or her health record. Examples are names, addresses, geographic codes smaller than a state, all date elements (except year) related to the person, telephone numbers, fax numbers, license numbers, Social Security numbers, etc. The information is protected if it could possibly identify the person. One notable exception involves disclosures of patient information that are required by law. For example, we are required by law to report communicable diseases to the appropriate authorities.
- What is an Acknowledgement of Receipt?
When you receive your Notice of Privacy Practices, either in the mail or from one of our staff members in person, you will be asked to sign an Acknowledgement of Receipt. By signing this document, you are saying only that you received a copy of the Notice of Privacy Practices - not that you agree to everything in the Notice or have even read the Notice. We are required by the HIPAA Privacy Rule to make a good-faith effort at obtaining an acknowledgement from every patient.
- Can a family member or close friend who is involved in an individual's health care be consulted/be involved in sharing health care information in the individual's best interest?
The health care professional can use professional judgment when including a family member or close friend in an individual's care. This includes the sharing of protected health information if it is in the best interest of the patient. If patients have the capacity to make their own decisions, then they must be consulted and given the opportunity to agree or object to the disclosure of protected health information to third parties.
- Should patients also be informed about HIPAA?
Yes, one of the direct effects that the HIPAA laws have on patients is that they must be informed of their rights. Each time a patient goes into a doctor's office, clinic, hospital or counseling office, they must be offered a copy of the HIPAA policies and sign a statement that they have either received this information or declined to receive it. It is important for patients to know their rights when it comes to their medical records. Everyone should know who has access to their personal health information and what purposes that information can be used for.
- Is it right to sell the individual’s health information without their Authorization?
It is not right to sell the individual’s health information without their Authorization.
- In Medical Transcription Industry what is the meaning of PHI?
As members of the Medical Transcription Industry, we are concerned with the Privacy Rule and the Security Rule. The key element that we must safeguard is the so-called Protected Health Information. For us, PHI is the patient's personal information and their medical records (voice files, transcribed reports, patient demographics, etc.).
Yes, health care providers are restricted from consulting with other providers about a patient's condition without the patient's written authorization.
- What are the 4 levels of severity?
There are 4 levels of severity:
i. Did not know.
ii. Reasonable cause.
iii. Willful neglect – corrected.
iv. Willful neglect – not corrected.
- What is the maximum penalty?
The maximum penalty from criminal liability for knowingly obtaining or disclosing individually identifiable health information is a fine of $50,000 and imprisonment of not more than one year (class 6 felony).
- Is it right to include any files containing PHI in your backups?
No, we should never include any files containing PHI in our backups.
- What should the password contain?
Passwords should contain uppercase and lowercase letters, numbers, and symbols, and be at least 8 characters long.
- If you are in Transcription platform what are the steps you should take when logging-off your computer?
Your transcription platform should auto-logoff whenever your system remains inactive for 15 minutes. If you need to be away from your computer for more than 5 minutes, it is better to log off. Alternatively, you can set up a screen saver password.
- If you are working from home what are the steps you should take care to protect patient information?
For transcriptionists working from home, you should:
i. Restrict your guests, visitors, and even your family members from accessing your work area.
ii. Discourage family members from using your workstation. If unavoidable, set up separate user accounts for your family members. The ideal case is to allocate a computer exclusively for transcription use.
- How to protect the work station?
Always protect your workstation with a password.
i. Create strong passwords.
ii. Passwords containing uppercase and lowercase letters, numbers, and symbols, with at least 8 characters, are ideal.
iii. Change your password every 90 days.
iv. Passwords should not be shared.
- What is the full form of WPA?
Wi-Fi Protected Access.
- What precautions should you take when your hard disk is being repaired?
If a vendor needs to repair components of your computer, and the computer has patient information on it, you must take the following precautions:
i. If a technician needs to repair your hard disk, ask that the crashed hard disk be repaired in your presence. Make sure that no content from your hard disk is copied to any other disk or storage device that does not belong to you. Otherwise, replace the hard disk and securely destroy the old one.
ii. Never leave the computer alone with the vendor's technician.
- If you use backup software or use an off-site service to backup your computer what are the precautions you should take?
If you use backup software or an off-site service to back up your computer, then you need to take these precautions:
i. Never include any files containing PHI in your backups.
ii. Always use encryption and/or strong passwords to protect the backups.
- When you are deleting the files what is the step you should take care?
When you are deleting files from your computer, do not forget to empty your recycle bin. Files deleted from folders are moved to the recycle bin by default, so you also need to periodically empty your recycle bin to complete the deletion.
- Are we directly governed by HIPAA regulations?
We will be directly governed by HIPAA regulations.
- What is your immediate action if you have discovered any unauthorized disclosure of PHI or potential violation of HIPAA rules?
If you have discovered any unauthorized disclosure of PHI or potential violation of HIPAA rules, you must report the disclosure to our HIPAA compliance officer immediately.
- What is the penalty if the offense is committed with the intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm?
If the offense is committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, the maximum penalty is a fine of $250,000 and imprisonment of not more than ten years.
- If your workplace is on the ground floor, is it right to place your workstation well away from the window?
Yes, if your workplace is on the ground floor, place your workstation well away from the window.
- What are the precautions you should take care if you use a laptop?
i. Always remove PHI data from your laptop before you transport it (move it from your home).
ii. Never perform tasks utilizing PHI data in public or where passers-by may see it.
iii. Never use unknown, free, or public networks (wired or wireless).
iv. Never leave your laptop unattended.
- Is it acceptable to send any information containing PHI through unencrypted emails?
No, we should never send any information containing PHI through unencrypted emails.
- If you need to fax documents containing PHI, what precaution should you take?
If you need to fax documents containing PHI, you must redact PHI before you fax the document. If you cannot redact PHI, then do not send the document by fax. Send the document by encrypted email.
- Is it right to perform tasks utilizing PHI data in public or where passers-by may see it?
No, we should never perform tasks utilizing PHI data in public or where passers-by may see it.
- If you are storing a copy of sample reports on your computer for reference, is it necessary to remove any personally identifiable information in them?
If you are storing a copy of sample reports on your computer for reference, it is necessary to remove any personally identifiable information in them, such as date of birth, name, SSN, and MRN, as these can cause HIPAA compliance issues.
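As an added example (not code from the original page), the following Python script removes the identifiers named above from a transcribed report so that it can be kept as a reference sample. The report layout, the field labels (PATIENT NAME, DOB, MRN, SSN) and every value are constructed assumptions; the script redacts the labelled header fields, any SSN pattern, the day and month of every date (keeping only the year), and recurrences of the patient's name in the narrative, then runs a verification pass to confirm that none of the checked patterns survived.

```python
import re

# Constructed sample report for demonstration only; every value is made up.
SAMPLE_REPORT = """PATIENT NAME: Jane Q. Sampleton
DOB: 03/14/1962
MRN: 00123456
SSN: 123-45-6789
DATE OF SERVICE: 11/02/2022
CHIEF COMPLAINT: Follow-up of hypertension.
HISTORY: Ms. Sampleton reports good adherence since her 11/02/2022 visit.
PLAN: Recheck in 3 months."""

# Labelled header fields whose values are identifiers (assumed report layout).
IDENTIFIER_FIELDS = ("PATIENT NAME", "DOB", "MRN", "SSN")

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# MM/DD/YYYY or M/D/YYYY; the year is captured so it can be kept.
DATE_RE = re.compile(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b")
# "LABEL: value" lines, one per line, upper-case labels.
FIELD_RE = re.compile(r"^(?P<label>[A-Z][A-Z ]+):\s*(?P<value>.+)$", re.MULTILINE)


def extract_name_tokens(report: str) -> set[str]:
    """Collect name parts from the PATIENT NAME field so they can be
    redacted wherever they recur in the narrative (e.g. 'Ms. Sampleton').
    Single-letter initials such as 'Q.' are dropped."""
    m = re.search(r"^PATIENT NAME:\s*(.+)$", report, re.MULTILINE)
    if not m:
        return set()
    return {tok.strip(".") for tok in m.group(1).split() if len(tok.strip(".")) >= 2}


def redact_report(report: str) -> str:
    """Return a copy of the report with identifiers removed: labelled
    identifier fields, SSNs, day/month of dates, and the patient's name."""
    names = extract_name_tokens(report)

    def redact_field(m: re.Match) -> str:
        label = m.group("label")
        if label in IDENTIFIER_FIELDS:
            return f"{label}: [REDACTED {label}]"
        return m.group(0)  # clinical sections are left as they are

    out = FIELD_RE.sub(redact_field, report)
    out = SSN_RE.sub("[REDACTED SSN]", out)
    # Keep only the year; the page's PHI definition exempts year from dates.
    out = DATE_RE.sub(lambda m: f"[DATE]/{m.group(3)}", out)
    # Whole-word match; a name that is also a common word would be over-redacted,
    # which is the safe direction for a reference sample.
    for tok in names:
        out = re.sub(rf"\b{re.escape(tok)}\b", "[NAME]", out)
    return out


def residual_identifiers(report: str) -> list[str]:
    """Verification pass: list identifier patterns still present in the text.
    An empty list means none of the checked patterns remain."""
    hits = list(SSN_RE.findall(report))
    hits += ["/".join(m) for m in DATE_RE.findall(report)]
    for m in FIELD_RE.finditer(report):
        if m.group("label") in IDENTIFIER_FIELDS and not m.group("value").startswith("[REDACTED"):
            hits.append(f"{m.group('label')}={m.group('value')}")
    return hits


if __name__ == "__main__":
    redacted = redact_report(SAMPLE_REPORT)
    print(redacted)
    print("residual identifiers:", residual_identifiers(redacted))
```

The verification pass is the part worth keeping in any real workflow: redaction should be confirmed by a second, independent check rather than assumed from the fact that the redaction code ran. Free-text names and dates written in other formats (e.g. "March 14, 1962") are not covered by these patterns and would still need manual review.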
- Can you copy patient data to your laptop or to any removable devices?
No, we are not supposed to copy the patient's data to our own laptop or to any removable devices like pen drives, iPods, external hard disks, or storage media such as floppies, CDs, DVDs, etc., as these devices could get lost or stolen.
- What is the meaning of class 6 felony?
The maximum penalty from criminal liability for knowingly obtaining or disclosing individually identifiable health information is a fine of $50,000 and imprisonment of not more than one year (class 6 felony).
- What do you mean by Physical Security?
The Rule defines physical safeguards as "physical measures, policies and procedures to protect a covered entity's electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion."
- What does HITECH stand for?
Health Information Technology for Economic and Clinical Health.