HIPAA Compliance
Match the following item with its description: HIPAA Compliant a. complying with the HIPAA Privacy, HIPAA Security, and HIPAA Transaction regulations b. Standards for safeguarding of PHI specifically in electronic form (ePHI) c. Standards for controlling and safeguarding of PHI in all forms
a.
Match the following item with its description: Omnibus Rule a. name of last update to HIPAA b. focuses on protections of PHI from the people standpoint c. focuses on protection specifically for ePHI. It is a federal floor, minimum of... d. PHI in electronic form e. any identifiable health information relating to the past, present, or future health condition of the individual...
a.
Match the following term under the HIPAA Privacy Standards: De-identification a. ensuring that all of the individually identifiable information is deleted b. disclosures. that are incidental to an otherwise permitted use or disclosure c. minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure d. the loss of control, compromise, unauthorized user, unauthorized acquisition, on unauthorized access, or any similar...
a.
Match the following type of entity that must comply under HIPAA: Business Associates a. Healthcare Providers, Health Plans, Healthcare Clearinghouses b. Third parties that perform services for or exchange data with Covered Entities.
a.
The acronym HIPAA stands. for: a. Health Insurance Portability and Accountability Act b. Health Information Profile Accountability Act c. Health Insurance Premium Administration Act d. Health Information Portability and Accountability Act
a.
Under the HIPAA regulations, healthcare providers are allowed to use and disclose patients' PHI for purposes of TPO (treatment, payment, operations) a. True b. False
a.
What does PHI stand for? a. Protected Health Information b. Privileged Health Information c. Public Health Information d. Private Health Information
a.
Which of the following is NOT a healthcare provider? a. Medical transcription company b. Dental clinic c. Physician practice d. Chiropractor
a.
Healthcare providers should take extra precautions with patients' health information that may be considered especially sensitive including: (select all that apply) a. Substance abuse b. Eye surgeries c. Sexually transmitted diseases d. Mental health e. Dental records
a., c., d.
Covered entities may also use or disclose PHI without authorization in the following circumstances EXCEPT: a. Treatment, Payment, and Operations (TPO) b. Medical research with information that identifies the individual c. Workers' compensation d. Public health activities e. Emergencies involving imminent threat to health or safety (to the individual or the public) f. Where required by law
b.
Match the following item with its description: HIPAA Privacy a. name of last update to HIPAA b. focuses on protections of PHI from the people standpoint c. focuses on protection specifically for ePHI. It is a federal floor, minimum of... d. PHI in electronic form e. any identifiable health information relating to the past, present, or future health condition of the individual...
b.
Match the following item with its description: Security Standards a. complying with the HIPAA Privacy, HIPAA Security, and HIPAA Transaction regulations b. Standards for safeguarding of PHI specifically in electronic form (ePHI) c. Standards for controlling and safeguarding of PHI in all forms
b.
Match the following term under the HIPAA Privacy Standards: Incidental Use and Disclosures a. ensuring that all of the individually identifiable information is deleted b. disclosures. that are incidental to an otherwise permitted use or disclosure c. minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure d. the loss of control, compromise, unauthorized user, unauthorized acquisition, on unauthorized access, or any similar...
b.
Match the following type of entity that must comply under HIPAA: Covered Entities a. Healthcare Providers, Health Plans, Healthcare Clearinghouses b. Third parties that perform services for or exchange data with Covered Entities.
b.
Which of the following is NOT an example of uses and disclosures for TPO (treatment, payment, operations)? a. Billing b. 3rd party marketing offers c. Medical referrals d. Evaluation of healthcare provider performance e. Determination of eligibility or coverage f. Medical treatment
b.
Who enforces HIPAA? a. Department of Health Information Security b. Department of Health and Human Services c. Surgeon General d. Local Police Department
b.
An authorization is required for which of the following? a. Where required by law enforcement b. Medical referrals c. Non-routine disclosures d. Treatment, Payment, and Operations
c.
Match the following item with its description: HIPAA Security a. name of last update to HIPAA b. focuses on protections of PHI from the people standpoint c. focuses on protection specifically for ePHI. It is a federal floor, minimum of... d. PHI in electronic form e. any identifiable health information relating to the past, present, or future health condition of the individual...
c.
Match the following item with its description: Privacy Standards a. complying with the HIPAA Privacy, HIPAA Security, and HIPAA Transaction regulations b. Standards for safeguarding of PHI specifically in electronic form (ePHI) c. Standards for controlling and safeguarding of PHI in all forms
c.
Match the following term under the HIPAA Privacy Standards: Minimum Necessary Disclosure a. ensuring that all of the individually identifiable information is deleted b. disclosures. that are incidental to an otherwise permitted use or disclosure c. minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure d. the loss of control, compromise, unauthorized user, unauthorized acquisition, on unauthorized access, or any similar...
c.
The five titles under HIPAA fall logically into which two major categories: a. Insurance Reform and Electronic Medical Records b. Patient Confidentiality and Administrative Simplification c. Administrative Simplification and Insurance Reform d. Transactions and Insurance Reform
c.
Which of the following is NOT true about business associate contracts and chain of trust? a. Business associate contracts are used to legally create and maintain the chain of trust b. A chain of trust consists of a covered entity along with the chain of multiple levels of business associates that they share information with c. It is optional for an organization (covered entity or business associate) to sign a business associate agreement before sharing PHI with another organization d. When a business associate signs a business associate contract they are legally attesting that they are HIPAA compliant to the party sharing PHI with them and are then subject to the fines and penalties of HIPAA e. When a covered entity or business associate shares information with another organization or party, they must sign a business associate contract before sharing the information
c.
Which of the following must a healthcare provider do before sharing PHI with a third party organization? (select all that apply) a. Check if the third party organization is on the government black list b. Ensure the third party organization has commercial insurance c. Sign a business associate contract with the third party to make them legally responsible for the privacy and security of the PHI d. Perform due diligence to ensure that the third party is actually HIPAA compliant and has the formal safeguards and controls in place required by HIPAA
c., d.
Match the following item with its description: Electronic Protected Health Information (ePHI) a. name of last update to HIPAA b. focuses on protections of PHI from the people standpoint c. focuses on protection specifically for ePHI. It is a federal floor, minimum of... d. PHI in electronic form e. any identifiable health information relating to the past, present, or future health condition of the individual...
d.
Match the following term under the HIPAA Privacy Standards: Breach a. ensuring that all of the individually identifiable information is deleted b. disclosures. that are incidental to an otherwise permitted use or disclosure c. minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure d. the loss of control, compromise, unauthorized user, unauthorized acquisition, on unauthorized access, or any similar...
d.
Penalties for non-compliance can be which of the following types? a. Accidental and Purposeful b. Criminal and Incidental c. Civil and Accidental d. Civil and Criminal
d.
The Administrative Simplification section of HIPAA consists of standards for the following areas: a. Transactions, Code Sets, and Identifiers b. Privacy c. Security d. All of the above
d.
Which of the following is a Business Associate? a. Medical billing and collections company b. Medical transcriptions company c. IT Consultant d. All of the above
d.
When a breach occurs, healthcare providers are required to: a. Investigate the breach b. Mitigate the breach c. Document the breach d. Notify the individuals affected by the breach as well as potentially the Department of Health and Human Services depending on the size of the breach e. All of the above
e.
Which of the following is true regarding a business associate contract? a. Is requires between a covered entity and business associate if protected health information will be shared between the two b. Is a written assurance that a Business Associate will appropriately safeguard PHI that they use or have disclosed to them from a covered entity c. Defines the obligations of a Business Associate d. Can be either a new contract or an addendum to an existing service contract e. All of the above
e.
