HIPAA Flashcards
The Breach Notification Rule
Requires covered entities to notify affected individuals, the U.S. Department of Health and Human Services (HHS), and, in some cases, the media of a breach of unsecured PHI
The Privacy Rule
Sets national standards for when protected health information (PHI) may be used and disclosed
The Security Rule
Specifies safeguards that covered entities and their business associates must implement to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI)
A Covered Entity includes: (select all that apply)
a. Health plans
b. Healthcare clearinghouses
c. Health providers
d. School administrators
a, b, c
The acronym HIPAA stands for:
Health Insurance Portability and Accountability Act
The impermissible use or disclosure of PHI is presumed to be a breach unless you demonstrate there is a low probability the PHI has been compromised based on a risk assessment of at least the following factors:
a. The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification
b. The unauthorized person who used the PHI or to whom the disclosure was made
c. Whether the PHI was actually acquired or viewed
d. The extent to which the risk to the PHI has been mitigated
e. All of the above
e
Who must comply with HIPAA rules?
a. Covered entities and business associates
b. Police and fire departments
c. Universities
d. Board of education
a
Common HIPAA violations include:
a. Impermissible PHI use and disclosure
b. Doctors informing family members about a patient’s illness
c. Lack of administrative, technical, or physical ePHI safeguards
d. Lack of individual’s access to their PHI
e. a, c, d
e
True or False: Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.
True
True or False: The Security Rule determines which security measures each covered entity should use.
False
True or False: The HIPAA Breach Notification Rule requires covered entities to notify affected individuals.
True
True or False: A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (ePHI).
True
True or False: An associate asks you for information concerning the medical condition and care of a member of their family. In compliance with HIPAA regulations, you can discuss their primary condition but should not put this information in written or electronic format.
False
You are working on a busy internal medicine floor at a local hospital. You often need patient information quickly. Your preceptor often lends you her computer password to gain access to ePHI. Is this in keeping with HIPAA Administrative Safeguards guidelines?
No
Which of the following is considered Protected Health Information (PHI)?
a. Birthdate
b. Address
c. First name
d. Age
e. All of the above
e