HIPPA TEST
Which of the following would most likely be a permissible "incidental disclosure" of protected health information (PHI) under HIPPA?
Giving a radio report to the receiving hospital even though the frequency can be monitored by the public.
Which of the following is a right that HIPPA grants to patients with respect to protected health information (PHI)?
The right to obtain a copy of their own patient care report.
You are permitted to convey protected health information (PHI) about a patient to an individual at a receiving facility who is involved in the patient's care through the following method(s):
Verbally B. Over the radio C. By handing the receiving facility a patient care report D. All of the above is the answer
If a patient calls and requests to speak to someone about their medical record, you should:
Verify the patient's identity (date of birth, social security number, address, etc.) before releasing any medical information to the patient.
Which of the following social media hashtag posts by an EMS provider would most likely be considered improper and could potentially be used to identify a patient:
#majormotorcycleheadtraumaoninterstate95lastnight
Which of the following is the best example of adherence to the "minimum necessary" rule?
Before conducting a quality improvement case review meeting, an ambulance service redacts all identifying information from patient care reports that is unnecessary for the review, including patient names, dates of birth, home addresses, etc.
If you witness an incident that may qualify as a potential HIPAA violation, you should only report that incident if you are absolutely certain that there has been an improper use or disclosure of PHI.
False
When working with EMS providers who are not from your EMS agency, but are involved with treating the patient you transported, you are permitted to share protected health information (PHI) with the other agency:
If sharing the information is necessary for the treatment of the patient.
Protected health information (PHI) is information that relates to healthcare or payment for a patient's services and is:
Information that identifies - or could identify a patient.
Which of the following statements are false
It would be a HIPAA violation to load more than one patient into an ambulance at a time because each patient could overhear protected health information (PHI) about the other patient
Saved A healthcare organization is required to have a HIPPA Privacy Officer in place if the organization:
Meets the definition of a "covered entity" under HIPPA.
When are you permitted by HIPPA to capture video at the scene of an accident, and share the video with your friends?
Never. You should not share any video taken at the scene with your friends, even if they are EMS providers.
If you are approached by a law enforcement officer requesting protected health information (PHI) about a patient you transported, and you are unsure if HIPPA permits disclosure of the PHI, you should:
Not release the PHI to the officer and contact the Privacy Officer at your organization to get clarification on the matter.
Which of the following uses would qualify as a proper use for "treatment" purposes under HIPPA?
On the way to the hospital, the EMS provider in the patient compartment relays the condition of the patient via radio to the emergency department.
f a police officer approaches you to ask you for protected health information (PHI) about a patient who is the victim of a crime, and the patient is stable, all of the following courses of action would be appropriate, except:
Telling the patient that a police officer needs medical information about him and that the patient has no choice but to answer all of the officer's questions about his medical condition.
When does HIPAA state that a new notice of privacy practices (NPP) must be furnished to a patient who has already received a copy of your organization's NPP?
f your agency has revised its NPP since the last time the patient received it
HIPAA permits you to release PHI to the media without patient authorization when you are merely confirming facts.
False
When viewing an image of an accident scene where a patient was trapped, which of the following would most likely be considered information that could be used to identify a patient:
The full license plate number of the vehicle in which the patient was trapped.
Information is not considered to be protected health information (PHI) under HIPPA if:
The information cannot be used to reasonably identify the patient.
HIPPA would permit disclosure of protected health information (PHI) about a patient to the news media in which of the following situations?
The patient gives specific written permission for the disclosure.
When it comes to sharing the patient's protected health information (PHI) with a patient's family or close friends, HIPPA:
Allows disclosure to family and other persons who are involved in the patient's care, if the EMS provider determines that the disclosure would be in the patient's best interest.
Which of the following social media posts would not be considered a HIPPA violation?
An EMS provider "checks-in" at the trauma center after an emergency response to a motorcycle crash with the hashtags #PodunkCounty #motorcyclecrashon475 #nohelmetmeansbadheadtrauma.
In a nonemergency transport situation, with a stable patient who is alert and oriented, when is the best time to have the patient sign the acknowledgement that the patient received a copy of your EMS agency's HIPPA "Notice of Privacy" (NPP).
At the time of service.
Covered entities are required to implement which of the following safeguards regarding electronic protected health information (PHI): A. Physical safeguards to protect things like computer file servers and other physical file locations. B. Technical safeguards such as password security, automatic logoff features and other security measures. C. Administrative safeguards such as policies and procedures about protecting electronic PHI that should be followed by all workforce members at the organization D. All of the above.
D
Billing personnel may not discuss protected health information (PHI) with a patient concerning the patient's ambulance transport because billing staff are not healthcare providers. A. True B. False
False
HIPPA permits the release of PHI to law enforcement officers without patient consent, under what circumstances:
Pursuant to a valid search warrant.
Once an EMS provider creates a patient care report (PCR), the provider is permitted to do the following with the document:
Submit the report to a biller in the EMS agency who will submit a claim for payment for the services.
Which of the following is an example of a permissible disclosure of protected health information (PHI) for payment purposes?
Submitting a claim to the patient's insurance company with health information that is required to get the claim paid.
If you navigate to a website and get a message on your screen claiming that the site is harmful to your computer, what steps should you take?
Take a screenshot of the message, email the screen shot to your supervisor and keep the screen open until the supervisor responds.
All the following are exceptions under HIPPA where you may release protected health information (PHI) to law enforcement without the patient's consent, except:
To help police locate a suspect, fugitive, material witness or missing person.
What is the best action to take if a hospital mistakenly sends you a face sheet that refers to a patient that your agency never treated or transported?
Treat the face sheet as you would any other PHI and notify your Privacy Officer, who should contact the hospital.
Which of the following would be an allowable disclosure of protected health information (PHI) for health care operations?
Using patient care reports (PCRs) to perform monthly quality improvement review where patient demographic information has been redacted.
Which of the following is the best example of adherence to the "minimum necessary" rule?
While sending claim information to an attorney for litigation review, an ambulance billing professional sends a list with the name and address of all the patients transported that day, in addition to the information on the patient information that was properly requested.
Electronic protected health information (ePHI) should be secured by having "role-based" access controls, automatic logoff features, encryption wherever feasible, and:
a) Unique user IDs and passwords to access computer systems. b) Safeguards against improper downloading and storage of ePHI.