HIPAA: Privacy Compliance True or False

Protected Health Information is anything that connects a patient to his or her health information.

true

You must obtain patient agreement to use/disclose PHI for public health activities related to disease prevention.

false; You can use/disclose PHI without patient agreement for public health activities related to disease control and prevention.

An authorization must contain an expiration date.

true

Authorization must be obtained for any use/disclosure of PHI for marketing purposes.

true

If you need help understanding the rules, the Department of Health and Human Services is required to give you assistance.

true

In general, disclosure of PHI must be limited to the least amount needed to get the job done right.

true

After signing an authorization, the patient can decide to revoke it.

true

The Privacy Rule gives patients the right to take action if their privacy is violated.

true

To protect patient confidentiality, learn about your facility's patient privacy rights - and encourage others to do the same.

true

The Privacy Rule gives patients the right to request a history of routine disclosures.

false; The Privacy Rule gives patients the right to request a history of disclosures of their PHI, except for disclosures related to treatment, payment or healthcare operations, or with prior authorization.

The HIPAA Privacy Rule protects a patient's fundamental right to privacy and confidentiality.

true

The Notice of Privacy Practices gives patients notice about the use/disclosure of their PHI, as well as their rights in general.

true

PHI includes all health information that is used/disclosed-except PHI in oral form.

false; PHI includes all health or patient information in any form whether oral or recorded, on paper, or sent electronically.

PHI is disclosed when it is shared, examined, applied or analyzed.

false; PHI is disclosed when released, transferred, allowed to be accessed, or divulged outside the facility.

PHI is used when it is released, transferred, or allowed to be accessed or divulged outside the covered entity.

false; PHI is used when shared, examined, applied, or analyzed by a covered entity that receives or maintains it.

Using PHI for purposes not specified by the rule requires covered entities to get patient authorization.

true

You are called a covered entity if you are a healthcare provider, health plan, or healthcare clearinghouse who transmits health information in electronic form.

true

You are permitted to use/disclose PHI for treatment, payment and healthcare operations.

true

You are required to use/disclose PHI when authorized or requested by the individual patient.

true

You can use/ disclose PHI without patient agreement to report victims of abuse, neglect or domestic violence.

true