Cvhn Annual HIPAA Training Quiz - 2012

30 Questions | Total Attempts: 186


This quiz will be used to help evaluate your understanding of HIPAA and improve the educational content of the HIPAA training course.


Questions and Answers
  • 1. 
    A simple way that best explains the Privacy Rule is:
    • A. 

      Using passwords on your computer keeps patient records private.

    • B. 

      An individual has privacy rights under a Federal law, protecting his or her health information.

    • C. 

      No one is allowed to look at a patient’s medical chart if an authorization has not been signed.

  • 2. 
    Select the best answer to complete this sentence.  PHI stands for:
    • A. 

      Patient health insurance

    • B. 

      Protected health information

    • C. 

      Personal health information

  • 3. 
    PHI can be accessed through the following ways:
    • A. 

      A conversation with a patient, employee, family member, supervisor, or health care member.

    • B. 

      A medical document such as a medical bill, treatment plan, lab report, or financial statement.

    • C. 

      Electronically through emails, computer programs, data feeds, instant messaging.

    • D. 

      All of the above

  • 4. 
    What is the best way to handle a suspected Breach of PHI?
    • A. 

      Collect the data, put it in a sealed envelope and place it in your locked desk drawer.

    • B. 

      Don’t tell anyone, because you don’t want to get your co-worker in trouble.

    • C. 

      Immediately notify your Supervisor or the HIPAA Privacy or Security Officer.

  • 5. 
    A patient’s Medical Record Number (MRN) is considered to be an individually identifiable identifier.
    • A. 

      True

    • B. 

      False

  • 6. 
    You notice that the locked shred bins are not in their usual location and your supervisor tells you they won’t be available until the next day.  What is the best way to deal with the hard copy PHI that you need to get rid of before you leave work for the day?
    • A. 

      Tear the paper up and place it in the regular trash bin.

    • B. 

      Leave the papers face down on your desk until the next day.

    • C. 

      Lock the papers in your secure file drawer or cabinet and place them in the locked shred bin the following day.

  • 7. 
    Which statement is correct regarding passwords?
    • A. 

      Choosing a strong password (one not easily guessed) is essential in securing information.

    • B. 

      Generally good passwords are at least six characters long and contain a combination of numbers and lower and upper case letters.

    • C. 

      Poor passwords include the use of simple or easily guessed words or phrases such as your favorite sports team name, family name or dates of birth.

    • D. 

      All of these are correct.

  • 8. 
    The HIPAA Security Rule deals with protected health information in paper form.
    • A. 

      True

    • B. 

      False

  • 9. 
    According to the Security Rule, the following formats are considered electronic.  Check all that apply:
    • A. 

      Email

    • B. 

      Flash drive

    • C. 

      CD

    • D. 

      Smart Phone

    • E. 

      Paper copy of test results

    • F. 

      Fax

  • 10. 
    Why is it so important not to download software or go to unauthorized websites without prior IT approval?
    • A. 

      It is OK to install software or use unauthorized websites as long as you have used them before.

    • B. 

      It is OK to install software or use unauthorized websites as long as you click the "OK" or "ACCEPT" check box.

    • C. 

      Computer viruses or spyware can expose our company’s computer network to hackers, which can cause a data breach.

    • D. 

      Many forms of software cost money and the company must pre-approve all expenses.

  • 11. 
    To protect you from forgetting your password, it is important for you to share your login and password information with a co-worker or leave it written down in an obvious location.
    • A. 

      True

    • B. 

      False

  • 12. 
    The correct way to securely encrypt an email containing PHI is:
    • A. 

      Type [secure] into the subject line.

    • B. 

      Send IT a Mantis ticket.

  • 13. 
    When you head to lunch or before you leave for the day, you should:
    • A. 

      Minimize all your applications.

    • B. 

      Tell a co-worker you are leaving and to “keep an eye” on your desk.

    • C. 

      Lock your computer screen and secure any PHI on your desk.

  • 14. 
    The company is permitted to audit information stored on company-owned computers at any time.
    • A. 

      True

    • B. 

      False

  • 15. 
    Which of the following HIPAA violations occurred within our organization most often in 2012?
    • A. 

      Sending PHI through unsecured email.

    • B. 

      Losing a laptop during business travel.

    • C. 

      Talking about patient information in the bathroom areas.

  • 16. 
    A HIPAA Breach is defined as:
    • A. 

      Forgetting to encrypt an email containing PHI.

    • B. 

      Talking too loudly with a patient on the phone, which allows your co-worker to overhear the conversation.

    • C. 

      An impermissible use or disclosure that compromises the security or privacy of PHI and poses a significant risk of harm to the affected individual.

  • 17. 
    Talking too loudly with a patient on the phone allows your co-worker seated next to you to overhear the conversation.  What would this be considered? 
    • A. 

      A HIPAA Breach

    • B. 

      Rude behavior

    • C. 

      An inadvertent disclosure

  • 18. 
    If our organization is found in violation of the HIPAA Privacy and Security Rules, what can happen? Mark all that apply:
    • A. 

      The Office for Civil Rights can punish us with civil monetary penalties.

    • B. 

      The Office for Civil Rights can punish us with criminal penalties.

    • C. 

      We may have to notify the involved patient(s).

    • D. 

      We may have to notify the involved client(s).

    • E. 

      We may have to notify the media.

    • F. 

      Our company’s name may be posted on the Department of Health and Human Services’ website “Wall of Shame.”

  • 19. 
    A patient enrolled in one of our care management programs has a primary care physician and a specialist.  Are we able to send a copy of the care plan to the patient’s specialist without obtaining written authorization?
    • A. 

      Yes

    • B. 

      No

  • 20. 
    A patient who is receiving services through one of our programs calls us.  Of the following, the best way to help verify the identity of a patient receiving our services is to ask for their:
    • A. 

      Height and weight

    • B. 

      Date of birth or SSN

    • C. 

      Eye and hair color

  • 21. 
    The Privacy Rule includes protecting health information that is found in employment and education records.
    • A. 

      True

    • B. 

      False

  • 22. 
    One of the Security Rule’s three general requirements for compliance is:
    • A. 

      Ensure the confidentiality, integrity, and availability of ePHI.

    • B. 

      Ensure the completeness, integrity, and authenticity of ePHI.

    • C. 

      Ensure the confidentiality, individuality and accountability of ePHI.

  • 23. 
    Which of the following are some of the most common forms of HIPAA violations?
    • A. 

      Unsecured or unprotected PHI that is then accessed by unauthorized persons.

    • B. 

      Hard copy PHI that is improperly disposed of in trash bins.

    • C. 

      Curious employees that browse medical records of family or friends.

    • D. 

      Terminated employees that gain access to computer records.

    • E. 

      Careless employees discussing PHI in public areas.

    • F. 

      All of the above

  • 24. 
    A patient has the right to request a list of how their PHI has been disclosed.
    • A. 

      True

    • B. 

      False

  • 25. 
    The Privacy Rule generally requires covered entities to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended purpose. Dr. Smith (PCP) refers a patient to Dr. Jones (Specialist) for a consultation.  The minimum necessary rule applies in this case, since they are discussing the patient’s care.
    • A. 

      True

    • B. 

      False
