Relias: HIPAA and Behavioral health
Under HIPAA, when notifying individuals that their protected health information has been breached, what information must be included?
A brief description of what the Covered Entity is doing to investigate the breach and mitigate the harm
Which of the following is an exception to the definition of a "breach"?
A physician accidentally overhears a nurse discussing the condition of an individual that he does not treat
Which of the following is most likely to be a business associate of a healthcare provider that is a Covered Entity?
Answering service
When must the provider distribute a HIPAA Notice of Privacy Practices (NPP)?
At the first encounter the provider has with the individual, unless the first encounter is an emergency
The Security Rule protects the following:
Electronic PHI
True or False: HIPAA's Privacy and Security Rules dictate exactly how covered entities and business associates must dispose of records.
False
Which of the following actions would cause a healthcare provider to become a Covered Entity?
File a claim for payment electronically
Under what circumstances would a provider need to ensure they are complying with the requirements of Title 42 CFR Part 2?
For treatment of a substance use disorder
What does HIPAA stand for?
Health Insurance Portability and Accountability Act
Lucy is a psychotherapist who has recently begun accepting adolescent and young adult clients. She begins to see an 18-year-old male client for major depressive disorder, who is still living with his parents. After a few weeks, his parents demand to see a copy of Lucy's notes taken during their psychotherapy sessions. Under HIPAA, should Lucy provide a copy of her client's treatment record to the parents?
No, HIPAA grants the client a right to privacy of his treatment records
Mary had good reason to believe that a teenaged client of hers was abused by her uncle and Mary reported the suspected abuse to Child Protective Services. However, Mary was mistaken. The false report, although made in good faith and consistent with state law, seriously upset her client's uncle. Did Mary violate HIPAA?
No. Since Mary made the report in good faith and consistent with state law, she did not violate HIPAA.
Who should HIPAA complaints be directed to within the Covered Entity?
Privacy Officer
For which of the following types of PHI does HIPAA require a signed authorization for use or disclosure?
Psychotherapy notes
Which of the following is one of the three primary parts of HIPAA?
The Security Rule
A pharmaceutical company asks for a list of all individuals in your practice, so they can send those individuals a free gift of a pill sorter. Is it permissible for you to provide the list?
Yes, if each individual on the list signed an authorization permitting the Covered Entity to release the PHI necessary for the marketing purposes.
In January 2013, DHHS issued sweeping changes to HIPAA's privacy, security, and enforcement requirements. Because the changes modified several rules at once, these changes are collected referred to as what?
The omnibus rule
True or False: An individual is allowed to request information of how their personal health information has been used.
True
John, a pharmacist at the local drug store, is calling a customer, Beth, to ask her allergy questions before giving her a newly prescribed medication. There is a very long line at the pharmacy and many people are within earshot of John and Beth. If other customers hear about Beth's allergies and medical conditions over the course of their conversation, would John be in violation of HIPAA?
Yes, this info is protected by HIPAA
Linda's practice calls individuals to confirm appointments. Karen requests that the practice does not make these calls to her because she is afraid her husband will become abusive if he finds out she is seeking treatment. Karen says she will call the practice to confirm and asks to be taken off the call list. Does HIPAA require the practice comply with Karen's request?
Yes. This is a request for a reasonable accommodation because Karen believes she is endangered.
Which of the following is considered PHI under HIPAA?
psychotherapy notes
The first step toward security rule compliance is:
to complete a risk assessment
