HealthStream HIPAA
Question 5: What is the civil penalty for unknowingly violating HIPAA? a. $1000 to $50,000 b. $112 to $55,910 c. At least $50,000 d. $10,000 to $50,000
Your Answer $112 to $55,910 Feedback The civil penalty for unknowingly violating HIPAA is $112 to $55,910.
Question 10: Under the HIPAA Privacy Rule, which use/disclosure of PHI is acceptable? a. Provides gossip about a patient in a public area b. A limited dataset is released for research purposes c. A patient tells her providers that her children should not be informed of her condition. Her children are informed anyway d. A patient specifies that a filled prescription should not be released to his wife. The pharmacy dispenses the prescription to his wife anyway
Your Answer A limited dataset is released for research purposes. Feedback A limited dataset consists of PHI with patient identifiers removed. Limited datasets may be released for purposes of research, healthcare operations, or public health activities.
Question 1: The PHI of 600 patients in Tennessee was breached. Who should be notified? a. HHS secretary b. Patients involved c. Media d. All of the above
Your Answer All of the above Feedback All of these need to be notified.
Question 12: Which of the following is an administrative safeguard for PHI? a. Removing electronic PHI from media before media reuse b. Ensuring that PHI sent electronically is not changed improperly c. Controlling physical access to workstations with access to electronic PHI d. Authorizing and/or supervising employees who work with electronic PHI
Your Answer Authorizing and/or supervising employees who work with electronic PHI Feedback An administrative safeguard for PHI, required under HIPAA, is authorization and/or supervision of employees with access to PHI.
Question 9: The HITECH Act did all of the following except: a. Encourage development of electronic health record systems b. Strengthen privacy and security standards c. Decrease the civil penalty for unknowingly disclosing PHI d. Establish a national data security breach notification law
Your Answer Decrease the civil penalty for unknowingly disclosing PHI Feedback The HITECH Act did not decrease the civil penalties for unknowingly disclosing PHI.
Question 2: Which use/disclosure of PHI is allowed under the HIPAA Privacy Rule? a. Releasing information about a celebrity patient to the media b. Requesting unnecessary information about a patient out of curiosity c. Discussing a patient's case with a provider involved in the patient's care d. Chatting about a patient with a provider not involved in the patient's care
Your Answer Discussing a patient's case with a provider involved in the patient's care Feedback PHI should be disclosed only to those with a need to know, such as providers involved in the patient's care.
Question 4: Which of the following is a technical safeguard for PHI? a. Removing electronic PHI from media before media reuse b. Ensuring that PHI sent electronically is not changed improperly c. Controlling physical access to workstations d. Authorizing and/or supervising employees who work with electronic PHI
Your Answer Ensuring that PHI sent electronically is not changed improperly Feedback A technical safeguard for PHI required under HIPAA is integrity control: measures for ensuring that 1) PHI sent electronically is not changed improperly and 2) any improper changes will be detected.
Question 3: Which disclosure/use of PHI is allowed under the HIPAA Privacy Rule? a. Releasing a patient's PHI to the patient when he or she requests access b. Releasing a patient's PHI to the media when the media requests access c. Releasing a patient's PHI to the patient's best friend when the friend requests access d. Releasing a patient's PHI to the patient's co-workers when the co-workers request access
Your Answer Releasing a patient's PHI to the patient when he or she requests access Feedback PHI must be released to a patient when he or she requests access. Friends, co-workers, and the media should not be given access to PHI, unless the patient provides clear, written permission.
Question 11: Which statement is true of an organization that sends and/or receives PHI electronically? a. The organization is a covered entity under HIPAA b. The organization is exempt from HIPAA requirements c. The organization may choose whether or not to follow HIPAA d. The organization is required to follow only the HIPAA privacy rule
Your Answer The organization is a covered entity under HIPAA. Feedback An organization must follow HIPAA if the organization's business activities involve sending and/or receiving PHI electronically.
Question 8: A hospital employee obtains PHI without authorization. He/she may be criminally liable for the violation. a. True b. False
Your Answer True Feedback Employees may be liable for HIPAA violations.
Question 6: All healthcare providers must obtain a National Provider Identification (NPI) to be used for all HIPAA standardized transactions. a. True b. False
Your Answer True Feedback Healthcare providers must obtain and use a National Provider Identifier (NPI) issued by the National Provider System for all HIPAA standardized transactions.
Question 7: A patient who pays for 100% of treatment out of pocket can stop disclosure of this information to his/her insurer. a. True b. False
Your Answer True Feedback Patients can restrict disclosure if they pay 100% out of pocket.
Question 13: The HIPAA security rule establishes national standards for protecting the confidentiality of electronic PHI. a. True b. False
Your Answer True Feedback The HIPAA security rule establishes standards for protecting the confidentiality of electronic PHI and the integrity and availability of this information.