Castlebranch: HIPPA
A set of members of a health plan have authorized the health plan to use specific parts of their PHI in a marketing campaign. Which of the following is true about this activity by the health plan?
The health plan must only use the minimum necessary information
Which of the following requires authorization from the patient for disclosure of PHI? Select all that apply.
A husband asks for his wife's diagnosis at a physician's office
Which of the following would NOT be considered marketing communication?
A medical practice introduces a new physician to patients
Individuals do not have the right to request amendments to their medical records.
False
Which of the following are considered HIPAA privacy administrative requirements?
All of the above
Which of the following are general security rules under HIPAA?
All of the above
Which of the following must appear on a covered entity's NPP?
All of the above
Which of the following would be considered protected health information?
All of the above
Psychotherapy notes are treated exactly the same as other health care information.
False
A business associate does not need to do risk analysis and management.
False
A covered entity creates a process that ensures that data it receives and transmits is correct and in the same state it was before the transaction. What kind of technical safeguard is this considered to be?
Integrity control
A hospital reports specific cases of an outbreak of a communicable disease to a public health authority. This is permissible because
It is in the public interest
A hospital receives a request to provide a patient's medical record to a correctional facility. The patient then requests an accounting of disclosures. Does the hospital need to include the disclosure to the correctional facility? Why or why not?
No; this use or disclosure is permitted and does not need to be included
Which of the following is considered part of a designated record set? (select all that apply)
Patient's diagnosis Patient's treatment plan Patient's billing record
Which of the following is NOT a permitted use of protected health information under HIPAA?
Patient's medical diagnosis given to an outside caller
What type of safeguard limits access to locations where PHI is kept and maintained?
Physical safeguard
What is the first step a covered entity is expected to take, according to HIPAA standards, if one of its business entities has violated a standard or a breach has occurred?
Take reasonable steps to resolve it
Covered entities are required to provide PHI and medical information when it is requested by the individual.
True
Implementing appropriate security measures should be part of a covered entity's risk analysis.
True
The same covered entities that must comply with HIPAA privacy standards are also required to comply with HIPAA security standards.
True