Relias: Exam: Application of HIPAA in Behavioral Health
11. Under what circumstances would a provider need to ensure they are complying with the requirements of Title 42 CFR Part 2?
For treatment of a substance use disorder
The term "protected health information," or PHI, refers to information that:
Identifies the client's demographics and any health-related information
1. A provider keeps copies of their client records on an external hard drive, just in case something happens to their primary office computer. Under HIPAA, what is the best way for the provider to store the external hard drive?
At the provider's office using physical security protections
What does HIPAA stand for?
The Health Insurance Portability and Accountability Act
7. Under HIPAA, when notifying individuals that their protected health information has been breached, what information must be included?
A brief description of what the covered entity is doing to investigate the breach and mitigate the harm
4. Which of the following is most likely to be a business associate of a healthcare provider that is a covered entity?
Answering service
14. When must the provider distribute a HIPAA Notice of Privacy Practices (NPP)?
At the first encounter the provider has with the individual
2. Of the following, what is the best way to help keep a telehealth client's protected health information secure?
Do not hold sessions in common areas where others can overhear or interrupt calls.
10. The intention of the Security Rule of HIPAA is to ensure that:
Electronic health information (ePHI) is confidential, safe, and available.
13. Fred, a psychotherapist, begins to see an 18-year-old male client, Troy, for major depressive disorder. Troy is still living with his parents. After a few weeks, Troy's parents demand to see a copy of his notes taken during their psychotherapy sessions. Under HIPAA, should Fred provide a copy of Troy's treatment record to the parents?
No, HIPAA grants Troy a right to privacy of his treatment records.
Mary had good reason to believe that an adolescent client of hers was abused by her uncle, and Mary reported the suspected abuse to child protective services. However, Mary was mistaken. The false report, although made in good faith and consistent with state law, seriously upset her client's uncle. Did Mary violate HIPAA?
No. Since Mary made the report in good faith and consistent with state law, she did not violate HIPAA.
5. Who should HIPAA complaints be directed to within the covered entity?
Privacy officer
9. For which of the following types of PHI does HIPAA require a signed authorization for use or disclosure?
Psychotherapy notes
6. The Minimum Necessary Rule guides healthcare providers to:
Share only the protected health information that is necessary to get the job done
3. What are the sweeping changes to HIPAA in 2013 that modified several rules at once called?
The Omnibus Rule
12. Which of the following is one of the three primary parts of HIPAA?
The Security Rule
The first step toward Security Rule compliance is:
To complete a risk assessment
8. True or False: An individual is allowed to request an accounting of how their personal health information has been used.
True
True or False: As a behavioral health provider in a small private practice, you would be expected to pay a HIPAA penalty if a computer error caused your monthly bills (which contain PHI) to go to the wrong addresses.
True
15. An example of a breach of ePHI is:
You accidentally send an email containing confidential client information to the wrong client.