HIPAA Study Guide
Qualitive Protected Order
A_______ Is an order of the court that prohibits parties from using protected health information (PHI) for any purpose other than litigation or proceedings for which the PHI has been requested
False
In determining what constitutes a reasonable safeguard for the protection of patient privacy, we should assess the risk without consideration of patient care.
Minimum Necessary
Inder the Privacy Rule, _______ guidelines restrict the amount of health information that may be used or disclosed to that needed to accomplish the purpose in question
Penalties
Under the Privacy Rule, _______ may be imposed for violations of patient confidentiality
Best Effort
Under the Privacy Rule, a covered entity is required to put forth its _____ to obtain an individual's signature indicating receipt of the Notice of Privacy Practices
Treatment Payment Operations
Under the Privacy Rule, a written authorization must be obtained when the release of information is not related to ___
Policies & Procedures
Under the Privacy Rule, the covered entity (CE) is obligated to implement, maintain, and provide workforce members with ______ to make clear the CE's expectations and assist in protecting the privacy of its patients
Privacy Official
Under the Privacy Rule, the covered entity is required to appoint a _____, who will be responsible for various aspects of the rule, including assistance to workforce members in maintaining compliance
Notice of Privacy Practice
Under the Privacy Rule, the covered entity must provide the individual with a ____ on his or her first date of service which outlines the patients rights under the rule
Alternative Means
Under the Privacy Rule, the patient has the right to request _____ or obtain copies of his or her health record
Reasonable Steps
Under the Privacy Rule, workforce members are expected to take _____ steps to safeguard protected health information
impermissible
Unnecessary use or disclosure of health information that could have been reasonably prevented is referred to as
True
Viewing your own medical records in the healthcare organization you work for may be considered a violation of the organizations policy on access to medical records.
Valid
When protected health information (PHI) is being used or disclosed for reasons other than treatment, payment, or healthcare operations, the authorization for the release of the PHI must be
False
When state laws regarding the protection of medical records are stricter than the federal Privacy Rule, the workforce member must follow the federal rule.
Administrative Law Judge
A federal official who may be requested by a covered entity to preside over a trial-type hearing and make decisions to resolve disputes
Work Force Member
A healthcare employee, volunteer, student, or trainee; responsible for protecting patients health information
Business Associate
An organization or person who provides services to a healthcare organization and requires protected health information to carry out that function or activity
Protected Healthcare Information
Any piece of information that identifies or could be used to identify a specific individual is referred to in the healthcare setting as
Covered Entity
Any provider, health plan, or clearinghouse to which the Privacy Rule applies
False
If the business associate violates the privacy of an individual, it is not necessary for the covered entity (CE) to investigate or act upon knowledge of the violation.
True
If you have made your best effort to obtain a patient's signature verifying that he or she has received the Notice of Privacy Practices but the patient has refused to sign, you are required to document the reason that you were not able to obtain the signature.
Zero Tolerance
Many healthcare organization are adopting policies in regard to workforce members who violate the organizations privacy policies
U.S Treasury
Monies collected under penalties imposed inder Privacy Rule are deposited by the ______, not disbursed to the complainant
Law Enforcement
Officers of the federal, state, or local government who have legal authority to investigate violations of the law
Retaliation
The Privacy Rule prohibits acts of revenge, known as ______ against any person filing a complaint about a privacy violation
True
The Privacy Rule requires that all covered entities (CE's) have and apply appropriate sanctions against those workforce members who fail to comply with the rule.
Use
The act of accessing any health information by a workforce member for the purpose of performing a task within a healthcare organization is referred to as
Office of Civil Rights
The government agency that accepts and investigates Complaints related to the Privacy Rule
Department of Justice
The government agency that investigates the most serious violations of the Privacy Rule
Individual
The person who is seeking medical care: the person whose information we are protecting
Disclosure
The release, transfer, or sharing of health information with another individual or entity outside the healthcare organization holding this information is referred to as
False
To meet the requirements of the Privacy Rule, it is not necessary to hand a copy of the Notice of Privacy Practices to the individual if it has already been posted in the waiting room.
