CR Institute


The HIPAA Security Rule establishes national standards to protect individuals' ______ that is created, received, used, or maintained by a covered entity or business associate.

B. electronic personal health information Correct Answer Great job! The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information that is created, received, used, or maintained by a covered entity or business associate.

If an individual is incapable of providing informed consent, a personal representative may give authorization. Which is NOT a category of personal representative:

For someone who is unconscious Your Answer Great job! These are the categories of personal representatives: For an adult or emancipated minor; For an unemancipated minor; For someone who is deceased.

Does this scenario meet the HIPAA Privacy Rule? I am an at-home patient care nurse. I sometimes have PHI with me in my car. I leave it locked in a safe in my trunk.

Privacy Rule met Correct Answer Great job! Locking PHI out of sight in a car, like the trunk, is appropriate and using the extra layer of protection of a safe is a great idea.

Which of the following are administrative safeguards according to HIPAA's Security Rule: (mark 3 of the 4 options) Incorrect Answer

A. Assign a privacy officer Correct Answer
B. Implement employee training
D. Review policies and procedures

Does this description represent Required or Addressable according to the Security Rule? The given standard is mandatory and, therefore, must be complied with.

A. Required Correct Answer Great job! The Security Rule states that a required standard is mandatory and, therefore, must be complied with.

Read the scenario below and decide if HIPAA's Security Rule is being met: In my office, the computers that have ePHI stored on them are all located in a special room that has a key fob to enter. Only specific roles have access to those key fobs.

A. Security Rule met Correct Answer Great job! The Security Rule requires a BA or CE to implement procedures to control and validate a person's access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision.

The HIPAA Breach Notification Rule requires HIPAA _____ and their _____ to provide notification following a breach of unsecured protected health information.

A. covered entities, business associates Great job! The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.

Which of the following are technical safeguards according to HIPAA's Security Rule: (Mark 3 of the 4 options)

B. Assign a unique name and/or number for identifying and tracking user identity Correct Answer
C. Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency Correct Answer
D. Implement a mechanism to encrypt and decrypt ePHI

Read the scenario below and decide if HIPAA's Security Rule is being met: I work at a BA that manages billing for physicians. I took a screenshot of a screen that showed some pieces of PHI and emailed it to our IT department so they could help with an IT issue I am having. I am not sure if we have a BAA with our email provider.

B. Security Rule not met Correct Answer Great job! Emailing ePHI without a BAA with your email provider does not meet HIPAA's Security Rule. Since you aren't sure if you have a BAA, avoid it.

Read the scenario below and decide if HIPAA's Security Rule is being met: I am reusing an old external hard drive at work. My boss said just delete all the files on it and reuse it.

B. Security Rule not met Correct Answer Great job! The Security Rule requires a BA or CE to implement procedures for removal of ePHI from electronic media before the media are made available for re-use.

As an employee, your responsibility is to be able to identify your agency's HIPAA _____ and know the protocols of informing your officers should you suspect a security breach.

C. Security and Privacy officers Correct Answer Great job! As an employee, your responsibility is to be able to identify your agency's HIPAA Security and Privacy officers and know the protocols of informing your officers should you suspect a security breach.

Oral safeguards include:

Correct Answer Great job! Oral safeguards include: Do not discuss clients or client data in public areas; Talk on the phone in closed quarters, and be careful what you disclose aloud; Consider soundproofing therapy rooms or providing white-noise machines to mask client voices.

A CE must make reasonable efforts to use, disclose, and request only the _____ amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.

Correct Answer Great job! A CE must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.

A breach is, generally, a(n) _____ use or disclosure under the Privacy Rule that compromises the security or privacy of the _____.

D. impermissible, protected health information Correct Answer Great job! A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

Which of these should you NOT do:

D. [all others]
A. Use social media platforms' private messaging systems to communicate with patients
B. Post information on personal social media pages as the voice of the agency or provide "professional" advice on social media
C. Talk about patients on social media in general terms

The Security Rule requires covered entities to maintain reasonable and appropriate _____ for protecting e-PHI.

D. administrative, technical, and physical safeguards Correct Answer Great job! The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.

Which is NOT considered a best practice to meet HIPAA's Security Rule:

E. Do not set a timed lock-screen to avoid leaving live computer/tablet/phone screens unattended Correct Answer Great job! You should set a timed lock-screen to avoid leaving live computer/tablet/phone screens unattended.

Which of the following are physical safeguards according to HIPAA's Security Rule:

E. [all others]

Which of these disclosures DOES require written authorization:

For any communication about a product or service that encourages recipients to purchase or use the product or service Correct Answer Great job! Any communication about a product or service that encourages recipients to purchase or use the product or service DOES require written authorization.

A(n) _____ is completely voluntary and is more of a formality to inform clients of accepted HIPAA practices.

Great job! A consent is completely voluntary and is more of a formality to inform clients of accepted HIPAA practices.

A(n) _____ is a detailed document that describes the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.

Great job! An authorization is a detailed document that describes the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed.

The Privacy Rule is a series of national regulations addressing how protected health information (PHI) can be _____ and _____.

Great job! The Privacy Rule is a series of national regulations addressing how protected health information (PHI) can be shared and used.

Does this scenario meet the HIPAA Privacy Rule?

Great job! The security rule is not met if patient files are not stored in locked areas when not in use.

If you are not entering into a BAA with the company providing peer-to-peer software services for PHI you are almost certainly in violation of HIPAA standards.

A. True Correct Answer Great job! If you are not entering into a BAA with the company providing peer-to-peer software services for PHI you are almost certainly in violation of HIPAA standards.

What are the four safeguards that should be in place? (choose 4 of the 8 options)

Oral, Paper/Physical, Electronic, Disposal

