HIPAA Training
The administrative requirements of HIPAA include all of the following EXCEPT:
Using a firewall to protect against hackers.
What is the key to HIPAA compliance?
Education
Match the categories of the HIPAA Security standards with their examples: 1. Administrative: 2. Physical: 3. Technical safeguard:
1. Administrative: policies, procedures and internal audits. 2. Physical: doors locked, screen saves/lock, fire prof of records locked. 3. Technical safeguard: passwords, security logs, firewalls, data encryption.
Match the following two types of entities that must comply under HIPAA: 1. Covered Entities: 2. Business Associates:
1. Covered Entities: Healthcare Providers, Health Plans, Healthcare Cleringhouses. 2. Business Associates: Third parties that perform services for or exchange data with Covered.
Match the following components of the HIPAA transaction standards with description: 1. HIPAA Standardized Transactions: 2. Code Sets: 3. Unique Identifiers:
1. HIPAA Standardized Transactions: Standard transactions to streamline major health insurance processes. 2. Code Sets: Standard for describing diseases. 3. Unique Identifiers: Standard for identification of all providers, payers, employers and...
Match the two HIPPA standards 1. Privacy Standards: 2. Security Standards:
1. Privacy Standards: Standards for controlling and safeguarding PHI in all forms. 2. Security Standards: Standards for safeguarding of PHI specifically in electronic form
All of the following are parts of the HITECH and Omnibus updates EXCEPT?
Ability to sell PHI without an individual's approval
The five titles under HIPPA fall logically into which two major categories:
Administrative Simplification and Insurance reform
The Security Rule's requirements are organized into which of the following three categories:
Administrative, Security, and Technical safeguards
Under HIPPA, an individual has the right to request: a. Access to their PHI. b. A copy of their PHI. c. A correction to their PHI. d. An accounting of where their PHI has been disclosed. E. All of the Above.
All of the Above
The Security Rule allows covered entities and business associates to take into account: a. Their size, complexity, and capabilities. b. Their technical infrastructure, hardware, and software security capabilities. c. The costs of security of potential risks to ePHI. d. Their access to and use of ePHI. e. All of the above
All of the above
The HIPAA Security Rule was specifically designed to: a. Protect the integrity, confidentiality, and availability of health information. b. Protect against unauthorized uses or disclosures. c. Protect against of the workforce and business associates comply with such safeguards d. All of the above.
All of the above.
ARRA stands for which of the following?
American Recovery and Responsibility Act
Who must comply with the Security Rule?
Any person or organization that stores or transmits individually identifiable health information electronically
When should you promote HIPAA awareness?
At the very beginning the compliance process
All of the following are true about Business Associate Contracts EXCEPT?
Business Associate are NOT required to obtain "satisfactory assurances" (i.e., that their PHI will be protected as required by HIPAA law) form their subcontractors.
Penalties for non-compliance can be which of the following types?
Civil and Criminal
Which of the following is NOT a requirement of the HIPAA Privacy standards?
Contracts with covered entities and subcontractors
Which of the following are EXEMPT from the HIPAA Security Rule?
Covered entities or business associates that do not create, receive, maintain or transmit ePHI
Who enforces HIPAA?
Department of Health and Human Services
Which of the following is NOT a covered entity?
Employer
Which one of the following is Not a Covered entity?
Employer
HITECH stands for which of the following?
Health Information Technology for Economic and Clinical Health
What does HIPAA stand for?
Health Insurance Portability and Accountability Act.
All of the following are true regarding the HITECH and Omnibus updates EXCEPT
It guarantees portabil
All of the following can be considered ePHI EXCEPT:
Paper claims records
The use of which of the following unique identifiers is controversial?
Patient ID (SSN)
What does PHI stand for?
Protected Health Information
All of the following are true regarding the Omnibus Rule EXCEPT:
The Omnibus Rule nullifies the previous HITECH regulations and introduces many new provisions into the HIPAA regulations
A Business Associate Contract must specify the following?
The permissible uses and disclosures that may be made of PHI by business associate
What is the main purpose for standardized transactions and code sets under HIPAA?
To provide a common standard for the transfer of healthcare information
All of the below are benefit of Electronic Transaction Standards Except:
Transaction rebates back to submitters
As part of insurance reform individuals can?
Transfer jobs and not be denied health insurance because of pre-exiting conditions
A Business Associate Contract is required between a covered entity and business associate if Protected Health Information (PHI) will be shared between the two.
True
Minimum Necessary Disclosure means using the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure.
True
The HIPAA Security Rule is a technology neutral, federally mandated "floor" of protection whose primary objective is to protect the confidentiality, integrity and availability of individually identifiable health information in electronic form when it is stored, maintained, or transmitted
True
The HIPPA Privacy standards provide a federal floor for healthcare privacy and security standards and do NOT override more strict laws which potentially requires providers to support two systems and follow the more stringent laws. True or False
True
In which of the following situations is a Business Associate Contract NOT required: a. With persons or organizations whose functions or services do note involve the use or disclosure. b. With a person or organizations that acts merely as a conduit for protected health information. c. With a financial institution that processes payments. d. All of the above
all of the above
Which of the follow is true regarding a Business Associate Contract? a. Is required between a covered entity and business associate if Protected Health Information (PHI) will be shared between the two. b. Is written assurance that a Business Associate will appropriately safeguard PHI that they use or have disclosed to them from a covered entity. c. Defines the obligations of a Business Associate. d. All of the above.
all of the above
The Administrative Simplification section of HIPAA consists of standards for the following areas: a. Transactions, Code sets, Unique identifiers. b. Privacy. c. security. d. All of the above
d. All of the above
Which one of the following is a Business Associate? a. Medical billing and collections company. b. Medical transcriptions company. c. IT Consultant d. all of the above
d. all of the above
All of the following are implications of non-compliance with HIPAA EXCEPT:
public exposure that could lead to loss of market share
The Privacy and Security rules specified by HIPAA are reasonable and scalable to account for the nature of each organization's culture, size, and resources. Each organization will determine its own privacy policies and security practices within the context of the HIPPA requirements and its own capabilities needs.
true