HIPAA quiz

What are some forms of data security safeguards?

- Administrative - Physical - Technical

In feneral a written HIPAA privacy notice contains:

- An explanation that pt info may be transmitted to 3rd parties for use in treatment decisions, payment, or other healthcare processes. - An explanation of the pt rights to see his or her own medical and billing records and make changes to anything that seems inaccurate. - Notification of the pt right to learn who has read the record

In an open computer network HIPAA requires the use of __________. In a closed system HIPAA allows __________ as controls.

- Data encryption - Sign on codes and passwords

technical safeguards are used to protect info through

- Encryption - Authentication programs

What are some permitted disclosures that do not require pt permission in reporting?

- Vital statistics - Communicable diseases - Adverse rx to drugs or medical devices to the FDA

As the first incremental step in healthcare reform, Congress passed the HIPAA act in:

1996

The privacy and data security portions of the Health Insurance Portability and Accountability ACT (HIPAA) was passed in

1996

One exception to confidentiality is:

A GSW

The Administrative Safeguards are largely handled by a facility's __________.

Administrators and privacy officer

In a hospital the obligation to maintain confidentiality applies to:

All medical and personal info

What is one good rule to prevent unauthorized access to computer data?

Blank the screen or turn off the computer when you leave it.

HiPAA regulations override any state laws which demand stricter privacy. (T/F)

False

The Dept of Health and Human Services considers the HIPAA security standards to be a maximum standards. (T/F)

False

The term "ICD-10-CM" refers to the 10th Independent Cateforization of the disease factors. (T/F)

False

In a convo, enough info to ID a pt may be revealed, even if the pt names are not used. (T/F)

True

The coming of computers in medicine has created new dangers for breach of confidentiality. (T/F)

True

The goal of your org info security info program is to protect the confidentiality, integrity, and availability of each pt health info. (T/F)

True

The issue of "healthcare portability" focused on protecting healthcare coverage for employees who change jobs and allowing them to carry existing plans with them (T/F)

True

The most common privacy violations were impermissible disclosures to unauthorized persons, often in casual conversations. (T/F)

True

The privacy rule states that protected health information can be data that is written, spoken, or in electronic format. (T/F)

True

At the extreme, anyone caught selling private health care info can be fined up to: a. $250,000 and 10 y in prison b. $25,000 and 1 y in prison c. $50.000 and 5 y in prison d. $100,000 and 10 y in prison

a. $250,000 and 10 y in prison

General info about a pt can be shared _________. a. When it is directly related to treatment b. Only when it is not related to treatment c. Only when the pt authorizes it specifically d. Only with other medical personnel

a. When it is directly related to treatment

Title I promotes renewability of coverage by prohibiting employee health plans from denying coverage to new employees based on all but which of the following? a. Health status b. Medical inaccuracies c. Genetic information d. Disability

b. Medical inaccuracies

The __________ is responsible to see that all healthcare workers are familiar with HIPAA ans its privacy rule and familiar with all the policies and procedure used to guard health info at the facility. a. HIPAA policymaker b. Privacy officer c. Compliance liaison d. None of the above

b. Privacy officer

One of the requirements of the Security Rule is to a. Limit the amount of visitors who can see a pt b. Protect against all reasonably anticipated threats or hazards to the security of electronic protected health info c. Convert all paper files to electronic docs

b. Protect against all reasonably anticipated threats or hazards to the security of electronic protected health info

The standardization of all codes has begun to make the electronic transfer of healthcare data a. More resistant to privacy violations b. Smoother and more accurate c. More problematic d. 100% accurate

b. Smoother and more accurate

The __________ is a unique 10-digit alphanumeric. a. Employee ID number b. ICD-10-CM c. National Provider Identifier d. ICDM-10-XB

c. National Provider Identifier

Title I of HIPAA covers a. Access b. Portability c. Renewability d. All of the above

d. All of the above

Which of the following types of conversations about pt constitute a violation of pt privacy? a. Convos in public areas b. Telephone convos c. Convos at home with friends and family d. All of the above

d. All of the above

The security rule deals specifically with protecting __________ data. a. Personal b. Medical c. Billing d. Electronic

d. Electronic