Defining a process for gathering information pertaining to a hipaa.docx
1. Defining a process for gathering information pertaining to a HIPAA
Questions & Answers

1. What are the four parts of the administrative simplification requirements of HIPAA?
2. Name three factors used to determine whether you need to comply with HIPAA.
3. What are the three categories of entities affected by HIPAA Medical Privacy Regulations?
4. What would business associates of covered entities consist of as it pertains to HIPAA’s regulation?
5. Who/what is covered by the HIPAA Privacy Rule? Give some examples.
6. What information is protected in HIPAA?
7. Describe the Basic Principle and Required Disclosures of HIPAA.
8. Is a health information organization (HIO) covered by the HIPAA Privacy Rule?
9. Does the HIPAA Privacy Rule inhibit electronic health information exchange across different states or jurisdictions?
10. How should a covered entity respond to any HIPAA Privacy Rule violation of a health information organization (HIO) acting as its business associate?
11. True or false: As a patient, your doctor must have you sign a HIPAA Consent and Release Form to share your ePHI or PHI with insurance providers who pay your medical bills. This is part of the HIPAA Privacy Rule.
12. After the patient provides consent and permission to the medical practice or covered entity, what agreement is needed between the medical practice and its downstream medical insurance claims processor or downstream medical specialist that requires the patient’s ePHI?
13. Why is security awareness training for all employees within a health care organization a major component of HIPAA compliance?
14. Under the HIPAA Security Rule, it is a requirement for a health care organization to have a security incident response plan and team to handle potential security incidents and breaches. Why is this a requirement?
15. True or false: It is a requirement for a health care organization to secure the transmission of ePHI through the public Internet.