HIPPA

HCPCS. HCPCS code sets are used to code medical items such as medical supplies, orthotic and prosthetic devices, and durable medical equipment.

Discussing a patient's case with a provider involved in the patient's care. PHI should be disclosed only to those with a need to know, such as providers involved in the patient's care.

$112-$55,910. The civil penalty for unknowingly violating HIPAA is $112-$55,910.

True. Healthcare providers must obtain and use a National Provider Identifier (NPI) for all HIPAA standardized transactions.

Healthcare claim. When a provider asks a health plan for payment, this is a healthcare claim transaction.

True. Patients can restrict disclosure if they pay 100% out of pocket.

A limited dataset is released for research purposes. A limited dataset consists of PHI with patient identifiers removed. Limited datasets may be released for purposes of research, healthcare operations, or public health activities.

Removal of some requirements involving business associates of covered entities and PHI. Under the HITECH Act, business associates of covered entities are now directly liable for HIPAA compliance.

Enrollment and disenrollment in a health plan. When information is sent to a health plan to start or end a patient's healthcare coverage, this is an enrollment and disenrollment in a health plan transaction.

Ensuring that PHI sent electronically is not changed improperly. A technical safeguard for PHI required under HIPAA is integrity control. This includes measures to ensure that 1) PHI sent electronically is not changed improperly and 2) any improper changes will be detected.

All of the above. All of these need to be notified.

True. According to the law, employees may be criminally liable for HIPAA violations.

ICD-10-CM. ICD-10-CM code sets are used to code causes of health problems.

Healthcare payment and remittance advice. When a health plan sends a payment or EOB, this is a healthcare payment and remittance advice transaction.

Decrease the civil penalty for unknowingly disclosing PHI. The HITECH Act did not decrease the civil penalties for unknowingly disclosing PHI.

Authorizing and/or supervising employees who work with electronic PHI. An administrative safeguard for PHI, required under HIPAA, is authorization and/or supervision of employees with access to PHI.

The organization is a covered entity under HIPAA. An organization must follow HIPAA if the organization's business activities involve sending and/or receiving PHI electronically.

Releasing a patient's PHI to the patient when he or she requests access. PHI must be released to a patient when he or she requests access. Friends, co-workers, and the media should not be given access to PHI, unless the patient provides clear, written permission.