Review MLT
A respiratory therapist is going to perform an arterial blood gas collection. This can be a painful procedure. What steps can the therapist take to ease the patient's anxiety?
-Explain the procedure to the patient before proceeding with the collection. -Ask the patient if he/she has any questions about the procedure.
Which of the following statements are TRUE regarding "protected health information" (PHI)?
-PHI includes information that is transmitted in any form (orally, on paper, or electronically). -It includes a patient's past, present, and future physical or mental health conditions.
Which of the following are examples of sufficient physical safeguards for protecting health information?
-Shredding unneeded documents containing PHI -Locking offices and file cabinets containing PHI
Your institution is a covered entity as defined by HIPAA. The following will be true?
-You will have a Privacy Officer (Official) -You will have a Security Officer (Official) -The Privacy Official and Security Official may be the same person.
You have access to your friend's laboratory test results. She asks you to look up the results for her.
Ask the friend to contact her doctor to obtain the results. *Patients should request their laboratory results from their doctor. The doctor has the responsibility of explaining the results to the patient.
Which of these actions could lead to unauthorized access to electronic protected health information (ePHI)?
Failing to log off the system when you leave
The HIPAA privacy regulation prohibits faxing of PHI to other health care providers.
False The regulations do not prevent faxing of PHI. Covered entities must have appropriate policies, procedures, and processes in place to make faxing of PHI as secure as possible.
You work in a physician office and your PC contains electronic copies of letters to patients requesting payment of overdue bills. You decide to take the information home using a USB Flash drive so you can work on it at night. This is okay as long as you load the letters to your own computer at home and do not share them with anyone.
False: The HIPAA Security Rule requires that all electronic media, including flash drives, be controlled. Taking PHI home would violate your institutions policies and procedures for the control of portable digital media. It also compromises the security of the PHI stored on that drive.
A patient event occurred. The error was caught in time before the patient was seriously injured. Which of the following is an appropriate response to the incident?
Investigate and file an occurrence report that documents the problem and corrective actions.
Healthcare professionals are faced with ethical decisions, often on a daily basis. What should be the basis for all decisions made in the healthcare environment?
Patient welfare and safety
You work as a medical coder. You have witnessed on several occasions that the department head has unbundled codes to obtain additional reimbursement. What action should you take?
Report the department head using the procedure given in the facility's whistleblower policy.
In which of these cases would it be acceptable for you to identify a patient by name and discuss the patient's laboratory test results?
The results are necessary for treatment of the patient and you are discussing the results with the clinical staff who are treating the patient.
A hospital staff member is registering a patient prior to a procedure that will be done in the outpatient clinic. After the registration is completed and the patient is sent back to the waiting area from the registration office, the staff member realizes that he forgot to ask about current medications. How should this be handled?
The staff member should call the patient back to the registration office to obtain the information.
A healthcare provider is discussing a specific patient's health problem with another provider in an elevator. The provider is specifying the patient by name.
This is acceptable, even if other people are present, as long as the elevator is restricted to employee use only.
You are checking your hospital email. You open an email from an unknown sender offering you a free program that will show you the current time of day in all world time zones. You click to download the program. Now....
You may have inadvertently downloaded spyware or a virus onto your computer.
You are presenting a case study at a conference. The case involves a patient who was in your care and is now deceased. You would like to use specific information about the case. To be in compliance with the HIPAA Privacy Rule, what needs to be done before using the individual's health information in your presentation?
You need to de-identify the information by removing all patient identifiers.
Healthcare workers are competent if they ___________
apply knowledge and skills in the work setting.
Privacy Rule regulations HIPAA
apply to health information in all forms including oral, paper, and electronic.
PHI (HIPAA)
encompasses information about a person, including their physical or mental health information, their payment information, and their demographic information. It applies to all such information regardless of its form, and includes oral, written, and electronic communications.
The HIPAA Privacy Rule applies to covered entities. Which of the following are examples of covered entities?
hospitals and physician offices; health plans, such as health insurance companies; and healthcare clearinghouses, such as billing companies.
Which one of the following types of documents is defined as, "statements that describe intents: what is done and why it is done."
policies
An individual's name, address, health identifiers, social security number, and billing information are all examples of
protected health information (PHI).
A pharmaceutical manufacturing company representative stops by the hospital pharmacy where you work as the department director. He offers you a pair of tickets for a football game that you really would like to attend. What should be your response?
refuse tickets
Which of the following are appropriate ways to dispose of unneeded patient reports containing PHI?
shredding paper reports, physically destroying media (e.g. by breaking USBs or hard drives), and wiping or shredding electronic media.
You work for a family physician and your family members are his patients. Printing your mother's chest X-ray report without a physician request for a copy of the report is an
unacceptable privacy practice.
