HIPAA Awareness Training

Question 1

HIPAA

Answer 1

Health Insurance Portability and Accountability Act

Question 2

United States legislation that provides data privacy and security provisions
for safeguarding medical information.

Answer 2

HIPAA

Question 3

HIPAA’s main objective

Answer 3

To protect the privacy and security of our
health information and to provide us certain rights on our health information.

Question 4

WHAT IS PROTECTED BY HIPAA?

Answer 4

Protected Health Information

Question 5

HIPAA is meant to protect your sensitive health
information in this ecosystem, regulate how it can be used or disclosed, and also give you certain rights to your information.

Answer 5

The Healthcare Ecosystem

Question 6

Two types of organizations that are regulated
under HIPAA:

Answer 6

1. Covered Entities
2. Business Associates

Question 7

Cover Entities composed of:

Answer 7

1. Healthcare providers
2. Health Plans
3. Healthcare clearing houses

Question 8

All third party vendors and business partners that create, receive, maintain or transmit PHI on behalf of a covered entity

Answer 8

Business Associates

Question 9

A term used in the HIPAA Security NPRM for a pattern of agreements that extend protection of health care data by requiring that each covered entity that shares health care data with another entity require that that entity
provide protections comparable to those provided by the covered entity, and that that entity, in turn, require that
any other entities with which it shares the data satisfy the same requirements.

Answer 9

Chain of Trust

Question 10

Structure of the HIPAA Regulations has two major categories:

Answer 10

1, Insurance Reform (Portability)
2. Administrative Simplification (Accountability)

Question 11

The Administrative Simplification section of HIPAA consists of standards for the following areas:

Answer 11

1. Transactions, Code Sets, and Identifiers
2. Privacy
3. Security

Question 12

Standardization of electronic transactions and data required for healthcare exhanges between employers, health insurance payers, and healthcare providers.

Answer 12

Transactions, Code Sets, and Identifiers

Question 13

Safeguards for Protected Health Information in all forms

Answer 13

Privacy

Question 14

Safeguards for protected health information in electronic form (ePHI)

Answer 14

Security

Question 15

USING AND DISCLOSING PHI

Answer 15

1. Permissible Uses and Disclosure of PHI
2. Disclosure Exceptions
3. Authorizations
   3, Sensitive Health Information
   4, Sharing or Disclosing PHI with third parties
4. Minimum Necessary Standard
5. Incidental uses and disclosures
6. De-identification
7. Improper Uses and Disclosures- Breaches

Question 16

Examples of uses and disclosures for TPO for which an authorization is NOT required are:

Answer 16

1. Medical Tx
2. Determination of eligibility or coverage
3. Billing
4. Claims Management
5. Healthcare data processing
6. Conducting Quality Assessment
7. Evaluation of healthcare provider performance
8. Business planning and certain administrative activities
9. Medical Referrals

Question 17

Disclosure Exceptions

Answer 17

1. Emergencies involving imminentn threat to health or safety
2. Where required by law
3. Law enforcement
4. Judicial Proceedings
5. Health oversight activities
6. Public Health Activities
7. Research purpose under limited circumstance
8. Specialized government functions
9. Organ transplant
10. Worker’s Compensation
11. Coreners, medical examiners, and funeral directors
12. Incidental Disclosures

Question 18

Healthcare providers must obtain a __________ for uses or disclosure other than TPO (treatment, payment or operations).

Answer 18

Patient’s Authorization

Question 19

Sensitive Health Information comprises of:

Answer 19

1. Substance Abuse
2. Mental Health
3. Sexually Transmitted Disease

Question 20

The incidentsal disclosures include things such as:

Answer 20

1. waiting room sign-in sheets
2. patient charts at bedside
3. doctors talking with patients in semi-private rooms
4. doctors conferring at nurses stations with the potential of being heard by a passerby

Question 21

Healthcare providers have two options in using and or discloscing PHI outsiside of TPO (treatment, payment, and options)

Answer 21

1. Authorization
2. De-identification

Question 22

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar terms referring to situations where persons other than authorized users and for an other than authorizd purpose have access or potential access to personallly identifiable information, whether physical or electronic.

Answer 22

Breach

Question 23

HIPPA Privacy document is called ____.

Answer 23

Notice of Privacy Practices

Question 24

To comply with HIPAA Privacy. an organization must implement the following 3 components.

Answer 24

1. Compliance Officer
2. Employee Training
3. Formal Documents and Controls

Question 25

The security rule’s requirements are organized into three categories:

Answer 25

1. Administrative safeguards
2. Physical safeguards
3. Technical safeguards

Question 26

Policies and procedures designed to show how the entity will comply with the security role.

Answer 26

Administrative Safeguards

Question 27

The controlling of physical access to protect against inappropriate acces to protected data.

Answer 27

Physical Safguards

Question 28

The controlling of access to computer systems and the protection of communication containing PHI transmitted electronically over open networks.

Answer 28

Technical Safeguards