HIPAA

I am an at-home patient care nurse. I sometimes have PHI with me in my car. I leave it locked in a safe in my trunk.

A. Privacy Rule met

In my office, the computers that have ePHI stored on them are all located in a special room that has a key fob to enter. Only specific roles have access to those key fobs.

A. Security Rule met

The HIPAA Breach Notification Rule requires HIPAA _____ and their _____ to provide notification following a breach of unsecured protected health information.

A. covered entities, business associates

The notice about a provider's privacy policies must specifically outline how a _____ may use _____.

A. provider, personal patient information

Which of the following are administrative safeguards according to HIPAA's Security Rule: (mark 3 of the 4 options)

Assign a privacy officer; Implement employee training; Review policies and procedures

Which of the following are technical safeguards according to HIPAA's Security Rule: (Mark 3 of the 4 options)

Assign a unique name and/or number for identifying and tracking user identity; Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency; Implement a mechanism to encrypt and decrypt ePHI

I am employed by a BA. I often have to carry physical PHI with me, so when I am in meetings I leave a sticky note on top of the files on my desk that says "Do not open."

B. Privacy Rule not met

I am reusing an old external hard drive at work. My boss said just delete all the files on it and reuse it.

B. Security Rule not met

I work at a BA that manages billing for physicians. I took a screenshot of a screen that showed some pieces of PHI and emailed it to our IT department so they could help with an IT issue I am having. I am not sure if we have a BAA with our email provider.

B. Security Rule not met

A(n) _____ is a detailed document that describes the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.

B. authorization

Which of these disclosures DOES require written authorization:

C. For any communication about a product or service that encourages recipients to purchase or use the product or service

As an employee, your responsibility is to be able to identify your agency's HIPAA _____ and know the protocols of informing your officers should you suspect a security breach.

C. Security and Privacy officers

There are _____ tiers of financial penalty for violators and _____ tiers of criminal penalty for violators.

C. four, three

The Privacy Rule is a series of national regulations addressing how protected health information (PHI) can be _____ and _____.

C. shared; used

The right to an accounting of disclosures of PHI allows patients to ask to see what disclosures have been made during the past _____ years.

C. six

Which of these should you NOT do:

D. [all others]

A breach is, generally, a(n) _____ use or disclosure under the Privacy Rule that compromises the security or privacy of the _____.

D. impermissible, protected health information

Which is NOT considered a best practice to meet HIPAA's Security Rule:

Do not set a timed lock-screen to avoid leaving live computer/tablet/phone screens unattended

Which of the following are physical safeguards according to HIPAA's Security Rule:

E. [all others]

Which of these ARE potential repercussions for those in violation of HIPAA?

E. [all others]

If an individual is incapable of providing informed consent, a personal representative may give authorization. Which is NOT a category of personal representative:

For someone who is unconscious

Which of these are the rights of patients according to HIPAA?

G. [all others]

Oral safeguards include:

[all others]

The Security Rule requires covered entities to maintain reasonable and appropriate _____ for protecting e-PHI.

administrative, technical, and physical safeguards

A(n) _____ is completely voluntary and is more of a formality to inform clients of accepted HIPAA practices.

consent

The HIPAA Security Rule establishes national standards to protect individuals' ______ that is created, received, used, or maintained by a covered entity or business associate.

electronic personal health information

A CE must make reasonable efforts to use, disclose, and request only the _____ amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.

minimum

What are the four safeguards that should be in place? (choose 4 of the 8 options)

Oral; Paper/Physical; Electronic; Disposal

Does this description represent Required or Addressable according to the Security Rule? The given standard is mandatory and, therefore, must be complied with.

Required

If you are not entering into a BAA with the company providing peer-to-peer software services for PHI you are almost certainly in violation of HIPAA standards.

True

