Privacy and Security
Exempt Health Information (5)
- A child is being abused - A baby is born to a patient - A patient dies - Court-ordered health information - A patient tests positive for HIV
Proper Maintenance (7)
- Records are complete - Writing is legible - Objective info by health care worker - Subjective info by patient - Line drawn through error - Records kept 7 years - Old records shredded
Protective Activities (6)
- Requiring codes to access info - Backing up data - Collecting printout from printer - Collecting original from copier - Shredding unneeded faxes - Not speaking about info in message
When did HIPAA become law? - 1985 - 1996 - 1970 - 2003
1996
Question #11 When are the medical facilities required to notify patients of the privacy policy? - At each visit - At the first visit - After one year - Never
After the first visit
There are no additional costs to electronic medical records. - True - False
False
Which of the following is NOT a way to protect information when using a fax machine?
Walk away while a fax is sent.
Michael Schmidt and his family had access to health insurance even after he lost his job.
Insurance Portability
Information that is shared between a physician and patient is privileged communication. - True - False
True
Unneeded printouts, copies, and faxes of confidential information should be thrown in trash cans. - True - False
False
When health data is needed for research, the entire medical record is disclosed to the researchers. - True - False
False
What does HIPAA stand for? - Health Insurance Portability and Accountability Act - Health Initiative to Protect Anonymity Act - Heath Information Privacy and Accessibility Act - Health Issues for Patients in America Act
Health Insurance Portability and Accountability Act
Whom do medical records belong to? - Health care providers - Patients - Employers - All of the above
Health care providers
58. Dr. Josef is recording his dictating notes in the emergency room and you hear him mention that the patient in the next room is a victim of domestic violence. Which of the following describes your knowledge of the situation according to HIPAA?
Incidental disclosure
Advantages in electronic medical records (5)
Instant access Remote access Simultaneous access Legible Flexible layout
52. Tina has a primary care physician, and is meeting with an orthopedic specialist today. How can the specialist obtain Tina's medical information from her primary care physician?
Tina will have to give authorization for her primary care office to release the records to the specialist.
Protected Health Information (4)
- A patient says she feels depressed - A patient's medical records - A patient's health care bill - A patient's health insurance info
Risky Activities (6)
- Saying Patients name around others - Placing monitor where others can see - Printing to wrong printer - Leaving copier unattended - Not verifying receiving fax number - Sending into in e-mail
Disadvantages in electronic records (5)
- Training - Computer downtime - Hardware and software costs - Difficult date entry - Resistance to giving up paper records
Improper Maintenance (5)
- Writing is illegible - Error Erased - Subjective info by health care worker - Records are incomplete - Old records thrown in trash can
After Jane Xavier filed an electronic insurance claim, it was processed within 5 days. She was pleased because just a few years ago, the claims process took about 30 days.
Administrative Simplification
According to the Privacy Rule, which item must be included in a record of disclosures of protected health information? - Date of disclosure - Name of the person or entity to whom information was disclosed - Description of disclosure - Reason for disclosure - All of the above
All of the above
According to the Privacy Rule, which of the following is true about authorization? - It must be signed and dated. - It must be written in plain language. - It must have an expiration date. - It must state the right to refuse authorization. - All of the above
All of the above
According to the Security Rule in HIPAA, which of the following is an example of a technical safeguard? - Passwords should be updated frequently. - Computers should have anti-virus software. - Electronically transmitted information should be encrypted. - All of the above
All of the above
What protective measures should be taken to ensure that electronic medical records are confidential and secure? - Using passwords, fingerprints, voice recognition, and eye patterns - Placing monitors where others cannot see the screen - Not sending confidential information via e-mail - Backing up data - All of the above
All of the above
Which of the following is a legal or public interest issue in which health information can be disclosed without authorization? - A patient has been diagnosed with tuberculosis. - A coroner needs dental records to identify an accident victim. - A doctor observes signs of abuse on a female patient's body. - A patient's medical record is needed as evidence in a trial. - All of the above
All of the above
Which of the following is a type of abuse that should be reported to the proper authorities?
All of the above
Who is affected by a breach of confidential patient information? - The patient - The person responsible for the breach - The facility - All of the above
All of the above
The permission that patients give in writing in order to disclose protected health information
Authorization
According to the Security Rule in HIPAA, which of the following is an example of a physical safeguard? - Medical records should be password-protected. - Employees should have security awareness training. - Computer server rooms should be locked. - All of the above
Computer server rooms should be locked
Using discretion when handling protected health information
Confidentiality
What is using discretion when handling protected health information? - Privacy - Ethics - Disclosure - Confidentiality
Confidentiality
The release, transfer, or provision of access to protected health information
Disclosure
Which of the following terms means releasing, transferring, or providing access to protected health information?
Disclosure
Which of the following is an example of information that is obtained incidentally? - Dr. Pierce discusses a patient's health condition on a cell phone in a restaurant. A waitress hears the conversation. - Dr. Kemper discusses a health condition with a patient behind closed doors. A nurse outside the door hears the conversation. - Dr. Morales discusses a health condition with a patient and her spouse. - The spouse tells other family members. - All of the above
Dr. Kemper discusses a health condition with a patient behind closed doors.
How should a documentation error be corrected?
Draw a line through the error, add the correct information, initial, and date.
Which of the following is TRUE of electronic medical records?
Electronic medical records are better organized.
What type of abuse includes excessive demands, insults, humiliation, jealousy, control, isolation, stalking, threats, lack of affection, and lack of support? - Emotional abuse - Physical abuse - Sexual abuse - All of the above
Emotional abuse
14. Which of the following is a purpose of HIPAA?
Ensure that a patient's medical information is private
According to HIPAA, a health insurance company can deny coverage to a person with pre-existing health conditions. - True - False
False
Breaches of confidential patient information never have serious consequences. - True - False
False
Errors in medical records should be erased or covered with correction fluid. - True - False
False
54. Kelsey is a health care worker who must call Mr. Grimm with the results of his blood tests. When Kelsey calls, no one picks up the phone and the answering machine plays. What should Kelsey do?
Leave a message with the name of the facility where she is calling, and a phone number where she can be reached.
A patient has requested a copy of his medical record in writing. As the office assistant, what should you do?
Make copies of everything but psychotherapy notes within 30 days.
With whom can patient information be shared without the patient's permission? - Patient's attorney - Patient's family members - Patient's other health care providers at a practice - All of the above
Patient's other health care providers at a practice
The patients' right to control the use of their protected health information
Privacy
Lydia Wilson signed a Release of Information form that gave her family doctor permission to share her medical records with her obstetrician.
Privacy of Health Information
49. Which of the following is information that is shared within a protected relationship?
Privileged communication
Any individually identifiable health information about a patient
Protected Health Information
What is the term used to describe any individually identifiable health information about a patient? - Personal Patient Data (PPD) - Confidential Personal Information (CPI) - Private Medical Records (PMR) - Protected Health Information (PHI)
Protected Health Information (PHI)
Patients have a right to obtain a copy of their medical records. Which item is legally allowed to be kept from the patient? - Health history - Medication record - Psychotherapy notes - Surgeries
Psychotherapy notes
Rhonda, a medical assistant, believes a patient is giving false information. How should Rhonda document the information?
Put the patient's exact words in quotation marks.
What is the name of the form that patients must sign to give permission to the medical facility to disclose health information? - Disclosure form - Confidential Communications Form - Release of Information form - Notice of Privacy Policy form - Amendment Request form
Release of Information form
Which of the following should be done when copying confidential information?
Remain by the copier and make sure to collect the original item.
55. Jana does not want to receive calls from her health care provider at her home number. What should Jana do?
Request that calls be made to another phone number, such as a cell phone or work phone.
Fairview Hospital installed a fingerprint-activated security system to the medical records department.
Security of Electronic Records
51. Which of the following is NOT a way to safeguard electronic medical records?
Send all confidential information by e-mail.
50. Vivian is a nurse at a children's hospital. A 10-year-old boy confides in Vivian that he has been abused by his parents, but he begs her not to tell anyone. What should Vivian do?
She should report the abuse to the proper authorities.
What is the best way to dispose of confidential information in a health care facility?
Shred it.
What may be included in medical records? - Subjective statements made by patients - Subjective observations made by health care workers - All of the above
Subjective statements made by patients
In the Privacy Rule, what is authorization? - The written permission that patients give to disclose protected health information - The approval that physicians must give to refer patients to a specialist - The contract that patients make with insurance companies - The verbal agreement between the patient and the medical facility - All of the above
The written permission that patients give to disclose protected health information
56. If an employer pays for a job-related physical examination, which of the following is TRUE?
The employer has rights to the medical records.
53. Mrs. Marshall calls her husband's health insurance provider to clarify a service coverage issue. Which of the following is TRUE?
The insurance provider will not speak with Mrs. Marshall unless her husband has given the company permission to do so.
In HIPAA, what is the name of the rule that required nationally standardized medical transactions and codes? - Health Standardization Rule - National Standards for Coding and Transacting Rule - Simplified Administration Rule for Health Transactions - Transaction and Code Set Rule
Transaction and Code Set Rule
According to the Privacy Rule in HIPAA, patients must provide written authorization before health information is released to anyone else. - True - False
True
According to the Privacy Rule, patients may request that medical facilities call them at a work phone number instead of a home phone number. - True - False
True
Patients may request amendments to their medical records. - True - False
True
When leaving telephone messages, health care workers should not speak about any confidential information. - True - False
True
With electronic medical records, users are able to remotely access to up-to-date information. - True - False
True
