A series of national standards that health care organizations must have in place in order to safeguard the privacy and security of protected health information (HHS.gov, 2013).

Patients will be provided the opportunity to obtain, read, ask questions, and sign an acknowledgement of receipt of this document prior to or on their first visit (Sterling, 2015).

When a patient's PHI is used or disclosed only the information necessary for that individual to carry out their job function should be provided (HIPAA Journal, 2018).

Forgetting to lock out your computer, improper disposal of patient records, discussing PHI with coworkers, speaking with a patient's family without patient authorization, taking photos that may include PHI, and failing to report violations in a timely manor (Sterling, 2015).

One of the most common reasons for a HIPAA violation (Sterling, 2015).

Information the covered entity creates or receives that identifies the patient, including demographic information (HHS.gov, 2013).

Patient's may request their medical record be amended if they believe there is an error or missing information (HIPAA Journal, 2018).

You are requested to release a patient's medical record for a reason other than treatment, payment, or healthcare operations (Sterling, 2015). You must first do this.

A data breach that affects less than 500 individuals in a single jurisdiction. Individuals must be notified (HIPAA Journal, 2018).

Fulfilling patient privacy and security requirements, amendments, and related legislation (HIPAA Journal, 2018)

Sets national standards for privacy, integrity, and availability of PHI. Outlines safeguards that must be in place to ensure PHI is kept private and establishes guidelines for patient rights to access their records, in addition to uses, disclosures, and authorizations (HHS.gov, 2013).

For treatment, healthcare operations, or payment (HIPAA Journal, 2018).

Exceptions for the release of patient PHI (Sterling, 2015).

A data breach that affects more than 500 individuals within a single jurisdiction. Media and local law enforcement may be notified as well (HIPAA Journal, 2018).

An employee of County Hospital has been selling celebrity PHI to the highest bidder.

Sets national standards for maintaining the security of PHI through a series of technical , physical, and administrative safeguards (HHS.gov, 2013).

Patients may request a copy of their medical record. A written request may be required and records released within 30 days (Agris & Spandorfer, 2016).

A patient has a question about the security and release of their PHI. You direct them to this individual (HIPAA Journal, 2018).

Four tiered system for healthcare organizations is based on the extent to which the organization was aware that HIPAA rules were violated. Tier 1 being unaware of violation and tier 4 being neglectful of HIPAA rules. Financial penalties range from $100 to $50,000 per violation per year with a maximum of $1.5 million per year (HIPAA Journal, 2018)

A nurse intern is responsible for documenting patient hygiene care on the patients he is assigned to. One of the patient's has a newly amputated limb. The nurse intern's curiosity gets the better of him and he reads the patient's H&P to learn the cause of the amputation. This is an example of what.

Outlines processes that must be followed in the event of a data breach (HHS.gov, 2013).

Hospitals and other covered health care providers do not have to provide a notice of privacy practices under these conditions (HIPAA Journal, 2018).

Must be completed yearly and at the time a new employee is hired by the hospital (Agris & Spandorfer, 2016).

Enforces HIPAA rules and will refer possible criminal violations of HIPAA Rules to the Department of Justice. Employees may be criminally liable for violations (Hepp, Tarraf, Birney, & Arain, 2018)

Technology and the policy and procedures for its use that protect electronic PHI and control access to it (HIPAA Journal, 2018).