HIPAA

Written authorization is required for:

All of the above. Disclosure of psychotherapy notes. Sale of PHI. Uses or disclosures of PHI for marketing purposes.!

The Security Rule set up national standards for the protection of an individual's health information that is:

All of the above. Transmitted in electronic form. Received in electronic form. Maintained in electronic form.

Entities that transport PHI, but do not access, use, or disclose the information are business associates.

False

Only the emergency department must provide a note of its privacy practices.

False

The Security Rule set up national standards for the use and disclosure of PHI.

False

Which of the following is not a protected identifier?

Favorite color

PHI is an acronym for

Protected Health Information

A covered entity must obtain the individual's written authorization to use or disclose:

Psychotherapy notes

Covered entities must ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain, or transmit.

True

Covered entities that fail to comply with the HIPAA rules may be subject to civil money penalties.

True

De-identified information is PHI stripped of identifiers in a manner that results in information that is no longer protected by the Privacy Rule.

True

Hospitals are "covered entities" and therefore must comply with the Privacy Rule.

True

Individual authorization must be received before the sale of PHI

True

Individual authorization must be received before using PHI for marketing.

True

The HITECH Act was signed into law to promote the adoption and meaningful use of health information technology.

True

The Office for Civil Rights is responsible for administering and enforcing the HIPAA rules.

True