HIPAA & Privacy Act

What two laws does the DHA-US001 training cover?

What is Protected Health Information (PHI)?

Which formats are considered electronic PHI (ePHI)?

What does the HIPAA Privacy Rule establish?

What does the HIPAA Security Rule require?

What are the three types of safeguards required by the HIPAA Security Rule?

What is the 'minimum necessary' standard?

Does the minimum necessary standard apply to disclosures for treatment?

What is the Privacy Act of 1974?

What does PII stand for and what does it include?

What is a System of Records Notice (SORN)?

What is a Privacy Impact Assessment (PIA)?

Under what circumstances must an individual be given the opportunity to agree or object to the use and disclosure of their PHI?

Who is a 'covered entity' under HIPAA?

Is the Military Health System (MHS) a covered entity?

What is a Business Associate?

What is required before sharing PHI with a Business Associate?

What are the permitted uses and disclosures of PHI without individual authorization?

What uses of PHI ALWAYS require written authorization from the individual?

What is the HIPAA Breach Notification Rule?

What is considered a 'breach' under HIPAA?

Within what timeframe must individuals be notified of a PHI breach?

When is media notification required for a breach?

What DoD regulation implements the HIPAA Privacy Rule for the Military Health System?

What rights do individuals have under the HIPAA Privacy Rule?

What is the Notice of Privacy Practices (NPP)?

What should you do if you discover or suspect a breach of PHI?

What is the penalty for wrongful disclosure of individually identifiable health information?

What are the 18 HIPAA identifiers that make health information 'individually identifiable'?

What is 'de-identified' health information?

What two methods can be used to de-identify PHI?

Can a service member's commander access their full medical record?

What is the role of the Privacy Officer?

What is the role of the Security Officer?

What training is required under HIPAA?

How often must DoD personnel complete HIPAA and Privacy Act training?

What does HIPAA Title I cover?

What does HIPAA Title II cover?

What are administrative safeguards?

What are physical safeguards?

What are technical safeguards?

What is the 'accounting of disclosures' right?

What is a 'designated record set'?

Under what circumstances can a covered entity deny a request to amend PHI?

What is a Privacy Act 'routine use'?

What should you do before emailing PHI?

What is the difference between 'use' and 'disclosure' of PHI?

Can PHI be disclosed for law enforcement purposes?

What is the HITECH Act and how did it affect HIPAA?

What should you do if you receive a misdirected fax or email containing PHI?

What is 'protected health information' in the context of the Military Health System?

Who can file a HIPAA complaint?

How long must HIPAA-related documentation be retained?

What is 'unsecured PHI'?

What are the four factors in a breach risk assessment?

Can PHI be used for research without individual authorization?

What is the relationship between the Privacy Act and HIPAA in the DoD?

What are consequences for DoD personnel who violate HIPAA or the Privacy Act?