HIPAA Training

In the event of a conflict between HIPAA and state law, state law preempts HIPAA unless HIPAA is stricter

FALSE, "The general standard is that if a state law is more protective of the patient, then it takes precedence over HIPAA". If a state law is less stringent than HIPAA, then HIPAA takes over.

Physical safeguards include Facility Access Controls, Guidelines on Workstation Use and Security, Medical Controls and Security Locks

FALSE, The Facility Access Controls standards has 4 implementation specifications that addressable: 1.ContingencyOperations(Addresable 2. Facility Security Plan (Addressable) 3. Access Control and Validation Procedures (Addressable) 4.Maintenance Records (Addressable)

According to the Security Rule, it is never permissible to use the internet to transmit PHI

FALSE, The Security Rule does not expressly prohibit the use of email for sending e-PHI. However, the standards for access control, integrity, and transmission security require covered entities to implement policies and procedures to restrict access to, protect the integrity of, and guard against unauthorized access to e-PHI.

There are 3 separate regulations referred to as the Privacy Rule, Security Rule and Information Rule.

False, The three key properties that underpin privacy and security under the Health Insurance Portability and Accountability Act (HIPAA) are availability, confidentiality, and integrity. Availability is the property that data or information is accessible& useable upon demand by an authorized person. Confidentiality is the property that data / information is not made available / disclosed to unauthorized persons / processes. Integrity is the property that data or information have not been altered or destroyed in an unauthorized manner.

As a general rule, a covered entity may not use or disclose protected health info for purposes other than treatment, payment and healthcare operations without the patients written authorization

True

Except in certain circumstances individuals have the right to review and obtain a copy of their protected heath info

True

HIPAA regulations cover a broad scope and impact virtually every department of every entity that has access to personal health info

True

One primary purpose of HIPAA is to protect people from losing their health insurance if they change jobs or have pre-existing health conditions

True

The HIPAA Privacy and Security Rules dictate that all who may come into contact with protected health inf go through training on HIPAA policy

True

The Security Rule portion of HIPAA also requires that administrative, physical and technical safeguards are in place to prevent the improper use or disclosure of PHI

True