Ch. 8 Medical Privacy Quiz Flashcards
The HIPAA (Health Insurance Portability and Accountability Act) directly covers all of the following entities EXCEPT:
A. health plans
B. users of personal health information
C. health care providers
D. health care clearinghouses
B. users of personal health information
Which of the following is a required use/disclosure under the HIPAA (Health Insurance Portability and Accountability Act)?
A. Disclosure with informal consent
B. Disclosure for public health purposes, such as research
C. Disclosure to Health and Human Services
D. Disclosure when it is in the best interests of the individual
C. Disclosure to Health and Human Services
All of the following are HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule fundamentals, EXCEPT:
A. Appropriate security must be ensured.
B. An individual must be appointed as a privacy official.
C. Records of disclosures must be maintained.
D. An individual must be appointed for handling complaints.
D. An individual must be appointed for handling complaints.
The HIPAA (Health Insurance Portability and Accountability Act) Security Rule applies to:
A. protected health information (PHI)
B. any health information
C. PHI that has been encrypted
D. PHI in electronic format
D. PHI in electronic format
There are two rules under the HIPAA (Health Insurance Portability and Accountability Act), the:
A. Privacy Rule and Safeguards Rule
B. Security Rule and Privacy Rule
C. Security Rule and Safeguards Rule
D. Breach Rule and Safeguards Rule
B. Security Rule and Privacy Rule
All of the following entities enforce the HIPAA (Health Insurance Portability and Accountability Act), EXCEPT:
A. US Department of Health and Human Services
B. State governors
C. Office of Civil Rights
D. Centers for Medicare and Medicaid Services
B. State governors
If an entity does not comply with the HIPAA (Health Insurance Portability and Accountability Act), it could face fines of up to:
A. $1,000
B. $20,000
C. $250,000
D. $1 million
C. $250,000
The HIPAA (Health Insurance Portability and Accountability Act) Security Rule is enforced by:
A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services
D. Centers for Medicare and Medicaid Services
The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule is enforced by:
A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services
B. Office of Civil Rights
The HIPAA (Health Insurance Portability and Accountability Act) exists for all of the following reasons EXCEPT:
A. to move towards electronic health care transactions
B. to preempt state laws
C. to improve efficiency of the health care system
D. to establish electronic data standards
B. to preempt state laws
Which part of the Health Insurance Portability and Accountability Act sets requirements for the use of protected health information (PHI)?
A. the Security Rule
B. the Accountability Rule
C. the Privacy Rule
D. the Portability Rule
C. The Privacy Rule
Which of the following is considered a covered entity?
A. any individual whose health information is protected by HIPAA
B. Any entity that handles PHI must comply.
C. individuals with health insurance
D. any entity in compliance with HIPAA
B. Any entity that handles PHI must comply.
Individuals that wish to receive a copy of their medical files and protected health information must:
A. Make the request within five years of service
B. Submit their request in writing
C. Make sure all related medical bills are paid
D. Pay related copying and postage expenses
B. Submit the request in writing
D. Pay related copy and postage expenses
_____ is the term for an agreement covered entities enter into with third parties before disclosing PHI to ensure the information will be adequately protected once released.
A. Fair Practice Contract
B. HIPAA Compliance Agreement
C. Safe Harbor Agreement
D. Business Associate Contract
D. Business Associate Contract
Which of the following are part of the Security Rule of HIPAA?
A. providing individuals with access to their PHI
B. conducting periodic risk assessments to examine the security of PHI
C. education and training programs for employees handling PHI
D. creation of an entity to enforce the Security Rule with the organization
B. conducting periodic risk assessments to examine the security of PHI
C. education and training programs for employees handling PHI
D. creation of an entity to enforce the Security Rule with the organization
The exceptions outlined in the Privacy Rule of HIPAA refer to:
A. cases in which disclosure of PHI is allowed without the prior approval of the individual
B. cases in which an access to PHI may be denied
C. cases in which a covered entity is not held responsible for a privacy violation
D. cases in which an individual need not receive notice of a covered entity’s privacy practices
A. cases in which disclosure of PHI is allowed without the prior approval of the individual
Which of the following is NOT a right guaranteed to individuals under the Privacy Rule of HIPAA?
A. access to their records
B. notice of an entity’s privacy practices and possible third party disclosures
C. limited disclosure of PHI
D. authorization over the destruction/disposal of their PHI
A. access to their records
Which is true of the government’s enforcement practices related to HIPAA?
A. HIPAA is lightly enforced by the U.S. Government.
B. HIPAA is highly enforced by the US Government
C. The Department of Health and Human Services, Office of Civil Rights is in charge of enforcement.
D. The Federal Trade Commission is in charge of enforcement
B. HIPAA is highly enforced by the US Government
C. The Department of Health Services, Office of Civil Rights is in charge of enforcement.
Types of genetic testing include:
A. screening and monitoring
B. screening, monitoring and marking
C. monitoring and marking
D. screening only
A. screening and monitoring
Periodic testing of genetic material to identify modifications due to workplace conditions is referred to as:
A. examining
B. screening
C. monitoring
D. regulating
C. monitoring
The Department of Health and Human Services is part of which branch of the United States government?
A. Legislative
B. Executive
C. Judicial
D. Congress
B. Executive
The Centers for Disease Control and Prevention is part of which Cabinet department?
A. Department of Commerce
B. Department of Health and Human Services
C. Federal Trade Commission
D. Federal Communications Commission
B. Department of Health and Human Services
What information is covered by the privacy rules set forth in HIPAA?
A. medical record information inputted by doctors and support staff
B. medical billing information
C. credit report requests
D. credit score
A. medical record information inputted by doctors and support staff
B. medical billing information
The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”
What rights do consumers have to their own records, according to the privacy rule of HIPAA?
A. free credit report yearly
B. access to copies of medical records
C. receive notice if private information is to be shared
D. request addition of corrections to records
B. access to copies of medical records
C. receive notice if private information is to be shared
D. request addition of corrections to records
With limited exceptions, the HIPAA Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans.
HIPAA gives patients the right to get copies of all of their medical records. Patients also have the right to view—usually at the medical provider’s offices—their original medical records. HIPAA does allow health care providers to withhold certain types of medical records, including: psychotherapy notes.
A patient has the right to request an amendment to his or her health record per 45 CFR §164.526 of the HIPAA Privacy Rule, and it is the policy of this organization to respond to any amendment requests in accordance with this rule.
Exceptions Under the HIPAA Privacy Rule for Disclosure of PHI Without Patient Authorization
Preventing a Serious and Imminent Threat. …
Treating the Patient. …
Ensuring Public Health and Safety. …
Notifying Family, Friends, and Others Involved in Care. …
Notifying Media and the Public.