What is the acronym for Health Insurance Portability and Accountability Act?

The Privacy Rule set national standards for the protection of individually identifiable health information by three types of _________ entities: health plans, healthcare clearinghouses, and healthcare providers who conduct the standard healthcare transactions electronically.  

Documents containing Protected Health Information (PHI) must be _________ when discarded.

No breach notice is necessary if there is a ______ probability that the PHI was received or viewed.

Where the Privacy Rule requires patient authorization, voluntary ___________ is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization.

You may not discuss or disclose any _______ that you learn in performing your job with anyone who does not need to know the information (co-workers not caring for the resident, friends, family, etc.).

"Impermissible use or disclosure" is always presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a ______ probability that the PHI has been compromised.

Documentation containing Protected Health Information (PHI) must be covered or out of ________ of casual observers.

Notice to the news media can be done by issuing a timely _________ release.  

An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an _____________ date, and, in some cases, the purpose for which the information may be used or disclosed.

HIPAA places an obligation on all healthcare providers to use “appropriate ____________” to protect PHI.

An expansion of the HIPAA Privacy Rule which extends the same confidentiality requirements to all contractors or other business associates of a healthcare provider who might have access to Protected Health Information (PHI) is known as the ________ Rule. Such associates can include, for example, billing services, payment handlers, or medical staff contracted from outside.

A facility must ensure that all partner companies have a business associate agreement that addresses all the ________ Rules.

When any breach occurs, the healthcare provider must conduct a risk assessment within ____ days to determine the exact nature of the data released, who received or used it, and if the data was viewed by unauthorized persons.

The Privacy Rule gives individuals the right to revoke, at any time, an Authorization they have given. The revocation must be in writing, and is not effective until the covered entity ____________ it.