Question

1) The Administrative Simplification standards adopted by Health and Human Services (HHS) under HIPAA apply to any organization/individual that is a

health care provider that conducts certain transactions in electronic form

health care clearinghouse

business associate

health plan

1,2, and 4

all of the above

2) Under the Privacy Rule, information such as a social security number is

Confidential health information

Preventive Health Information Protected health information

Private health information

3) A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities. Which of the following are health care operations activities? business planning, development, management, and administration competency assurance activities credentialing and accreditation quality assessment and improvement activities 1, 2 & 3 All of the above 4) Although records-retention policies vary depending on the type of record, the American Hospital Association recommends retaining medical records for at least how long? The statute of limitations period of the state Ten years Twenty-five years The life of the patient Thirty years

Answer 1

1.All of the above

Explanation:

To improve the efficiency and effectiveness of the health care system, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), included Administrative Simplification provisions that required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security.

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.

If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information.

A Covered Entity is one of the following: health care provider, a health plan,a health care clearing house.

2. protected health information

Explanation:

The HIPAA Privacy Rule covers protected health information in any medium while the HIPAA Security Rule covers electronic protected health information. The following comes under protected health information,

(D) Telephone numbers;

(E) Fax numbers;

(F) Electronic mail addresses;

(G) Social security numbers;

(H) Medical record numbers;

(I) Health plan beneficiary numbers;

(J) Account numbers;

3.All of the above

Explanation:

• “Health care operations” are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment. These activities, which are limited to the activities listed in the definition of “health care operations”, include:
  • Conducting quality assessment and improvement activities, population-based activities relating to improving health or reducing health care costs, and case management and care coordination;
  • Reviewing the competence or qualifications of health care professionals, evaluating provider and health plan performance, training health care and non-health care professionals, accreditation, certification, licensing, or credentialing activities;
  • Underwriting and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to health care claims
  • Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs;
  • Business planning and development, such as conducting cost-management and planning analyses related to managing and operating the entity; and
  • Business management and general administrative activities, including those related to implementing and complying with the Privacy Rule and other Administrative Simplification Rules, customer service, resolution of internal grievances, sale or transfer of assets, creating de-identified health information or a limited data set, and fundraising for the benefit of the covered entity.

4.Ten years.

Explanation:

As storage space becomes more limited, healthcare providers often wonder when they can begin disposing of old patient records. The recommended time for retaining medical records depends on a number of factors, including:

• State regulations.
• Medicare and third-party payor requirements.
• Standards set by accreditation organizations
• The statute of limitations for bringing medical malpractice claims or other legal action against the healthcare provider.The American Hospital Association and American Health Information Management Association both recommend retaining medical records for at least 10 years after a patient's most recent treatment.

The safest approach is to retain medical records for adult patients at least 10 years; longer if the patient was a minor or incompetent at the time of treatment.

State regulations tend to vary widely, and often depend on how the provider is licensed. Physicians are less likely to be subject to state regulations regarding retention of medical records than hospitals and other institutional providers which usually are governed by specific state licensure requirements. State licensing agencies may impose longer retention periods for X-rays and similar documents than for other types of medical records.