HIPAA UAB Certificiation

If you work with paper documents containing PHI, it is important to: a) keep them in locked cabinets or rooms when not in use b)check each page to ensure it belongs to the correct patient before distributing. c)shred immediately, or place them in securely locked bins or rooms to await shredding, when the documents are no longer needed d) all of the above

All of the above

What steps should be taken before sending PHI via a fax machine or eFax?

All of the above

Which of the following is/are defined as PHI data elements under HIPAA?

All of the above

What should I do if I suspect a breach involving protected health information? a) Notify my supervisor b) Report it to the Privacy Office or the Information Security Office c) Report it to the Office of UAB Medicine Compliance or the Office of University Compliance d) Report it to my HIPAA Entity Privacy Coordinator (EPC) or HIPAA Entity Security Coordinator (ESC) e) contact my Help Desk f) any of the above

Any of the above

All attachments and links received through my email address in the UAB/UAB Medicine email systems are safe to open/click on.

FALSE

Which statement is correct about accessing UAB/UAB Medicine information systems containing PHI?

I am responsible for all activity in all information systems under my logon

When finished accessing a clinical application on a workstation that is shared with other employees, like at a nurse's station, the user must take which of the following steps?

Logoff the computer workstation or lock the session.

What is the federal civil penalty for knowingly violating HIPAA Privacy and Security regulations?

Monetary fines ranging from $100 up to $50,000 per violation with a maximum penalty of $1.5 million per calendar year

My password or other means of access to UAB/UAB Medicine information systems can be shared with which of the following?

No one

Which of the following is the primary guidance for emailing PHI at UAB/UAB Medicine?

PHI may be emailed within the UAB Medicine email systems (uabmc.edu) only.

A HIPAA covered entity must use or disclose only the minimum necessary PHI required to accomplish the business purpose of the use or disclosure.

TRUE

All types of protected health information (written, verbal or spoken, and electronic) are protected by HIPAA.

TRUE

If family members or visitors are with the patient and I need to discuss a matter related to the patient's medical condition, then, before continuing, I need to ask the persons to leave the room. The patient may identify persons who can remain, but it is the patient's decision

TRUE

Penalties for breaching a patient's privacy or security can include termination of employment or assignment.

TRUE

TRUE or FALSE UAB/UAB Medicine has developed HIPAA privacy and security core policies that govern how the organization and its work force shall operate to comply with HIPAA privacy and security regulations.

TRUE

PHI can be accessed ONLY for

UAB/UABHS business/work-related purposes.