In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?
Correct Answer: A
Question 37
What important action should a health care provider take if she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?
Correct Answer: A
The HITECH Act was enacted as part of the American Recovery and Reinvestment Act of 2009 to promote the adoption and use of health information technology, especially electronic health records (EHRs), in the United States. The HITECH Act established the Medicare and Medicaid EHR Incentive Programs, which provide financial incentives to eligible health care providers who demonstrate meaningful use of certified EHR technology. Meaningful use is defined as using EHRs to improve quality, safety, efficiency, and coordination of care, as well as to engage patients and protect their privacy and security.

To qualify for the incentive payments, health care providers must meet certain objectives and measures that demonstrate meaningful use of EHRs as part of their regular care. Some of these objectives and measures include:
* Protect electronic protected health information (ePHI)
* Generate prescriptions electronically
* Implement clinical decision support (CDS)
* Use computerized provider order entry (CPOE) for medication, laboratory, and diagnostic imaging orders
* Timely patient access to electronic files
* Exchange health information with other providers and public health agencies
* Report clinical quality measures and public health data

Therefore, the correct answer is A. Making EHRs part of regular care is an important action that a health care provider must take if she wants to qualify for funds under the HITECH Act.

References:
* What is the HITECH Act? 2024 Update, section "The Meaningful Use Program"
* The HITECH Act explained: Definition, compliance, and violations, sections "HITECH Act definition and summary" and "Why was the HITECH Act created and why is it important?"
* Proposed Rulemaking to Implement HITECH Act Modifications, section "The Health Information Technology for Economic and Clinical Health (HITECH) Act"
* Health Information Technology for Economic and Clinical Health (HITECH) Audits, section "The American Recovery & Reinvestment Act of 2009 (ARRA, or Recovery Act)"
* What is HITECH Compliance? Understanding and Meeting HITECH Requirements, section "HITECH Compliance Requirements"
Question 38
Which law provides employee benefits, but often mandates the collection of medical information?
Correct Answer: D
The Family and Medical Leave Act (FMLA) is a federal law that provides eligible employees with up to 12 weeks of unpaid, job-protected leave per year for certain family and medical reasons, such as the birth or adoption of a child, the serious health condition of the employee or a family member, or a qualifying exigency arising from the employee's spouse, child, or parent being on covered active duty or call to covered active duty status in the Armed Forces. The FMLA also provides eligible employees with up to 26 weeks of unpaid, job-protected leave per year to care for a covered service member with a serious injury or illness if the employee is the spouse, child, parent, or next of kin of the service member. The FMLA applies to all public agencies, including state, local, and federal employers, and local education agencies (schools), and to private sector employers who employ 50 or more employees for at least 20 workweeks in the current or preceding calendar year.

The FMLA often requires employers to collect medical information from employees who request FMLA leave or from their health care providers to certify the need for leave, the duration of leave, and the employee's ability to return to work. The FMLA regulations specify the type and amount of information that employers may request and require for different types of FMLA leave, such as:
* Basic medical facts, such as the diagnosis, symptoms, hospitalization, doctor visits, whether medication has been prescribed, and any referrals for evaluation or treatment, for the employee's own serious health condition or that of a family member.
* Information on the medical necessity of intermittent leave or reduced schedule leave and the expected frequency and duration of such leave, for the employee's own serious health condition or that of a family member, or for planned medical treatment.
* A statement of the facts regarding the qualifying exigency, such as the type of military duty, the dates of the covered active duty, and the contact information of the military member, for leave due to a qualifying exigency arising from the employee's spouse, child, or parent being on covered active duty or call to covered active duty status in the Armed Forces.
* Information on the medical condition, treatment, and recovery of the covered service member, such as the date of injury or onset of illness, the current medical status, the prognosis, and the estimated time of treatment, for leave to care for a covered service member with a serious injury or illness.

The FMLA also imposes certain obligations on employers to protect the privacy and security of the medical information they collect from employees or their health care providers. For example, employers must:
* Maintain records and documents relating to medical certifications, recertifications, or medical histories of employees or employees' family members as confidential medical records in separate files/records from the usual personnel files, and if the Americans with Disabilities Act (ADA) applies, such records must be maintained in conformance with ADA confidentiality requirements.
* Ensure that any electronic systems used to maintain such records meet the confidentiality requirements of the FMLA and the ADA, and that only authorized persons have access to such records.
* Limit the disclosure of such records to supervisors and managers who need to know about an employee's FMLA leave, first aid and safety personnel when an employee's medical condition might require emergency treatment, and government officials investigating compliance with the FMLA.
* Comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule when requesting medical information from an employee's health care provider, such as obtaining a valid authorization from the employee or using a HIPAA-compliant certification form.
* Refrain from requesting more information than allowed by the FMLA regulations, such as asking for an employee's complete medical records or information unrelated to the FMLA leave request.
* Respect the employee's right to revoke a medical authorization or challenge a medical certification, and follow the procedures for resolving disputes over the validity or sufficiency of such documents.

References:
* The Family and Medical Leave Act (FMLA)
* FMLA Employee Guide
* FMLA Employer Guide
* FMLA Regulations
* FMLA Forms
Question 39
Which entities must comply with the Telemarketing Sales Rule?
The "Consumer Privacy Bill of Rights" presented in a 2012 Obama administration report is generally based on?
Correct Answer: D
The Consumer Privacy Bill of Rights is a set of principles that the Obama administration proposed in 2012 to guide the development of privacy legislation and policies in the United States. The report that introduced the bill of rights stated that it was "generally based on the widely accepted Fair Information Practice Principles (FIPPs)" [1], which are a set of standards that originated in the 1970s and have influenced many privacy laws and frameworks around the world. The FIPPs include concepts such as individual control, transparency, security, accountability, and data minimization [2]. The Consumer Privacy Bill of Rights adapted and expanded these principles to address the challenges and opportunities of the digital economy [1].

References:
* [1] Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy, page 9
* [2] IAPP CIPP/US Certified Information Privacy Professional Study Guide, page 17