Annual HIPAA Training
Please complete this mandatory annual training quiz by Friday, May 7. For helpful hints, visit the IMA SharePoint site and view the powerpoint presentation saved under "Shared Documents."
- 1.
HIPAA's privacy rule protects a patient's fundamental right to privacy and confidentiality of:
- A.
Patient information in electronic form
- B.
Patient information in paper form
- C.
Patient information communicated orally
- D.
All of the above
Correct Answer
D. All of the above -
- 2.
PHI relates to a person's:
- A.
Past information
- B.
Present information
- C.
Past and present information
- D.
Present and future information
- E.
Past, present and future information
Correct Answer
E. Past, present and future information -
- 3.
Using sign in sheets for patients checking in violates the privacy rule under which of the following circumstances:
- A.
Any situation. They are not allowed.
- B.
The sheet requires patients to sign in on the same sheet with their complete name, medical record #, provider they are seeing and reason for visit.
- C.
The sign in sheet is covered with one sheet of blank paper and requires first name last initial only.
- D.
Patient completes a small slip with full name, time of appointment and provider they are seeing, then drops slip into hanging folder or bin on counter.
- E.
None of the above situations violate patient privacy.
Correct Answer
B. The sheet requires patients to sign in on the same sheet with their complete name, medical record #, provider they are seeing and reason for visit. -
- 4.
Information is considered confidential if it relates to:
- A.
Physical health conditions and treatments
- B.
Mental health conditions and treatments
- C.
Information on payment
- D.
Identifying information, including name, phone number, face photo, etc.
- E.
All of the above
Correct Answer
E. All of the above -
- 5.
Health information can be disclosed without patient authorization to which of the following ?:
- A.
Law enforcement officials pursuing a criminal investigation, where state laws apply
- B.
Telemarketing company surveying cancer rates
- C.
Daily newspaper reporters who don’t even know the patient’s name
- D.
Development Office to contact Parkinson’s patients for fundraising on behalf of their Neurologist
Correct Answer
A. Law enforcement officials pursuing a criminal investigation, where state laws apply -
- 6.
Which statement best reflects the meaning of the “minimum necessary” guidelines under the HIPAA’s privacy rule?
- A.
Any information besides a patient name, address, e-mail, social security number and diagnosis
- B.
No information can be disclosed to our Business Associates
- C.
The least amount of health information people need to know about patients in order to do their jobs
Correct Answer
C. The least amount of health information people need to know about patients in order to do their jobs -
- 7.
A nurse gets a call from her mother to look up her recent lab results and bring a copy home. Would the nurse violate the privacy rule in doing so?
- A.
No. Because she is a health professional, has access to the computerized electronic medical record and it’s her own mother, she would not be breaching confidentiality.
- B.
Yes, because she had no need to know under HIPAA. A verbal request to go into someone else’s protected health information, even if they are a relative, if not part of your job, is still a breach.
Correct Answer
B. Yes, because she had no need to know under HIPAA. A verbal request to go into someone else’s protected health information, even if they are a relative, if not part of your job, is still a breach. -
- 8.
Which of the following information should be removed from a patient’s health record in order to de-identify the information?
- A.
Name
- B.
Former employer
- C.
Telephone Number
- D.
E-mail address
- E.
All of the above
Correct Answer
E. All of the above -
- 9.
Physicians may disclose protected health information to the development office for fundraising purposes under which of these conditions?
- A.
If the patient has been seen by this physician for over a year
- B.
If the physician gives the development office a list of all his oncology patients and asks the development office to contact these patients to raise money for MGH’s Oncology Foundation
- C.
If the patient signs a written authorization with the physician’s office agreeing to be contacted by the MGH development office for fundraising activities
- D.
Any situation. Fundraising efforts are an acceptable disclosure.
Correct Answer
C. If the patient signs a written authorization with the physician’s office agreeing to be contacted by the MGH development office for fundraising activities -
- 10.
You print out lab results on a patient, but the page ends up at a different printer down the hall because the printing setting changed. An employee in that office accidentally staples the patient lab results to a report he has just printed and distributes copies to his colleagues. Is this a violation of the privacy rule? If so, what is the maximum financial penalty for the infraction ?
- A.
No, it is not a violation
- B.
Yes, it is a violation and the maximum penalty is a fine up to $50,000
- C.
Yes, it is a violation and the penalty is a $100.00 fine per person, per violation
Correct Answer
C. Yes, it is a violation and the penalty is a $100.00 fine per person, per violation -
- 11.
A family member asks you to look in on their neighbor who is an inpatient on Ellison 11. Is this allowed under HIPAA?
- A.
Yes, if your family member told you the neighbor asked him to take in his mail while he was in the hospital for a few days
- B.
Yes, if your family member is very close with this neighbor
- C.
Yes, if you first ask the patient’s nurse if to check with the patient and see if this was okay with the patient
- D.
No, because it is a violation of privacy. The patient may not want your family member to know they have cancer.
Correct Answer
C. Yes, if you first ask the patient’s nurse if to check with the patient and see if this was okay with the patient -
- 12.
Patients who have been or currently are being treated at a health care facility are the only people who can request a copy of the organization’s privacy notice.
- A.
True
- B.
False
Correct Answer
B. False -
- 13.
Acknowledgement of receipt of MGH’s Privacy Notice is required at the first site of treatment, including the emergency room.
- A.
True
- B.
False
Correct Answer
A. True -
- 14.
Physicians can let their office assistants use the physician’s personal computer password to review the physician’s calendar and e-mails, including patient files, but no one else can review them.
- A.
True
- B.
False
Correct Answer
B. False -
- 15.
It’s okay to hire a transcriptionist outside the hospital and just have a hand shake agreement on how they will handle patient health information sent to them on tapes.
- A.
True
- B.
False
Correct Answer
B. False -
- 16.
Now that there is a federal law protecting patient privacy, all individual health information shares the same level of protection, including psychotherapy notes, HIV testing, AIDS, domestic violence, sexual assault, alcohol and drug abuse and genetic testing.
- A.
True
- B.
False
Correct Answer
B. False -
- 17.
Blood type must be disclosed to law enforcement officials for the purposes of investigations.
- A.
True
- B.
False
Correct Answer
A. True -
- 18.
Medflight (ambulance) transports a patient to MGH and follows up with a phone call the next day to get information about the patient’s condition and any surgery that was needed. You need the patient’s authorization in order to disclose any health information to Medflight personnel.
- A.
True
- B.
False
Correct Answer
B. False -
- 19.
Patients have the right to amend inaccurate or incomplete information contained in their individual health record.
- A.
True
- B.
False
Correct Answer
A. True -
- 20.
If you forget to log out of the computer and also forget to hit the yellow lock symbol on the bottom right hand corner of the computer screen, the computer terminal you are using will always automatically time out and clear all information being viewed by you under your personal password.
- A.
True
- B.
False
Correct Answer
B. False -
- 21.
An audit done by Health Information Services tracked that you had been in a patient’s health record and this patient was not under your care or services. You did not breach confidentiality because you were looking in that patient’s record for teaching purposes.
- A.
True
- B.
False
Correct Answer
B. False -
- 22.
A deceased person no longer has the same privacy protections of their health information as a living patient.
- A.
True
- B.
False
Correct Answer
B. False -
- 23.
Upon admission, patients have the option to not be listed in the hospital directory.
- A.
True
- B.
False
Correct Answer
A. True -
- 24.
Criminal penalties for improperly disclosing private health information can include fines of up to $250,000 and prison sentences of up to 10 years.
- A.
True
- B.
False
Correct Answer
A. True -
- 25.
You are permitted to use PHI for treatment, payment and health care operations.
- A.
True.
- B.
False
Correct Answer
A. True. -
- 26.
Privacy laws do not allow healthcare providers to report suspected abuse and certain PHI to authorities, even when other laws require it.
- A.
True
- B.
False
Correct Answer
B. False -
- 27.
James is scrubbing the floor in a semi-private room when the physician comes in to talk to a patient. James overhears the physician even though he is speaking quietly and the curtain is pulled around for privacy. James recognizes the patient as a teacher at his son’s school. He hears the physician tell him he has cancer and only has a few weeks to live. Which of the following is true?
- A.
The physician took proper precautions by drawing the curtain and keeping his voice low. Under HIPAA, James has a legal and ethical obligation to pretend he never heard anything about this patient and to not share this information with anyone.
- B.
The physician has violated HIPAA by discussing the patient’s condition where others, including employees without a “need to know,” might hear. Speaking quietly is not enough to ensure patient privacy. He should have moved to a private space before having the discussion.
- C.
The physician took proper precautions by drawing the curtain and keeping his voice low. Because he overheard accidentally and the information was not directly shared, James is under no obligation and can tell his son what he has heard.
- D.
James has violated HIPAA by not leaving the room when he heard patient information being discussed. Because he does not have a “need to know” to complete his job responsibilities, he should have take precautions to avoid accidentally being exposed to PHI.
Correct Answer
A. The physician took proper precautions by drawing the curtain and keeping his voice low. Under HIPAA, James has a legal and ethical obligation to pretend he never heard anything about this patient and to not share this information with anyone. -
- 28.
Danny is on his way to lunch at the Eat Street Café. He notices a stack of patient records left unattended at the water fountain. He has no contact with patient information as part of his job at MGH. Which of the following is true?
- A.
Danny should not touch the records. His job does not bring him into contact with PHI, therefore he is not authorized to handle this information. Doing so would be a breach of patient privacy. He has a legal and ethical obligation under HIPAA to pretend he never saw them.
- B.
Danny should immediately pick up the records and return them to a supervisor in Health Information Services or the Office of Patient Advocacy. Even though he does not handle PHI as a part of his job, as a hospital employee he is still responsible for safeguarding patient information.
- C.
Danny should not touch the records. His job does not bring him into contact with PHI, therefore he is not authorized to handle this information. Doing so would be a breach of patient privacy. He should contact a supervisor at Health Information Services or the Office of Patient Advocacy and report the unattended records.
- D.
Danny should immediately pick up the records. Even though he does not usually handle PHI as a part of his job, as a hospital employee he is still responsible for safeguarding patient information. Because he now has the “need to know,” he may look through the records to determine the source and should immediately return them to that department.
Correct Answer
B. Danny should immediately pick up the records and return them to a supervisor in Health Information Services or the Office of Patient Advocacy. Even though he does not handle PHI as a part of his job, as a hospital employee he is still responsible for safeguarding patient information. -
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2022Quiz Edited by
ProProfs Editorial Team -
Apr 22, 2010Quiz Created by
Hmp13
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CEH Quizzes
- CISA Quizzes
- CISCO Quizzes
- CISSP Quizzes
- CompTIA Quizzes
- CPA Quizzes
- CPAT Quizzes
- CPFA Quizzes
- CPP Quizzes
- CSA Quizzes
- CSWIP Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top