HIPAA Compliance Quiz

20 Questions

Settings
Please wait...
HIPAA Compliance Quiz

Annual HIPAA compliance validation


Questions and Answers
  • 1. 
    What kind of personally identifiable health information is protected by HIPAA privacy rule?
    • A. 

      Paper

    • B. 

      Electronic

    • C. 

      The spoken word

    • D. 

      All of the above

    • E. 

      None of the above

  • 2. 
     If you suspect someone is violating the facility’s privacy policy, you should:
    • A. 

      Say nothing. It's none of your business.

    • B. 

      Watch the individual until you have gathered solid evidence against them.

    • C. 

      Report your suspicions to your clinical supervisor for further follow-up.

  • 3. 
    HIPAA security and privacy regulations apply to:
    • A. 

      Attending physicians, nurses, and other healthcare professionals.

    • B. 

      Health information managers, information systems staff, and other ancillary personnel only.

    • C. 

      Anyone working in the facility.

    • D. 

      Only staff that have direct patient contact.

  • 4. 
     It would be appropriate to release patient information to:
    • A. 

      The patient's (non-attending) physician brother.

    • B. 

      Personnel from the hospital that the patient transferred from 2 days ago, who is calling to check on the patient.

    • C. 

      The respiratory therapy personnel doing an ordered procedure.

    • D. 

      A retired physician who is a friend of the family.

  • 5. 
     If a person has the ability to access facility of company systems or applications, they have a right to view any information contained in that system or application.
    • A. 

      True

    • B. 

      False

  • 6. 
    A visitor who asks for a patient by name may receive the following information EXCEPT:
    • A. 

      Patient name

    • B. 

      Patient condition in general terms (e.g., stable, critical, etc.)

    • C. 

      Patient room number

    • D. 

      Patient diagnosis

  • 7. 
     Copies of patient information may be disposed of in any garbage can in the facility.
    • A. 

      True

    • B. 

      False

  • 8. 
     The criminal penalties for improperly disclosing patient health information can be as high as fines of $250,000 and prison sentences of up to 10 years.
    • A. 

      True

    • B. 

      False

  • 9. 
     Protected health information is anything that connects a patient to his or her health information.
    • A. 

      True

    • B. 

      False

  • 10. 
    Confidentiality protections cover not just a patient’s health-related information, such as his or her diagnosis, but also other identifying information such as social security number and telephone numbers.
    • A. 

      True

    • B. 

      False

  • 11. 
     You are working elsewhere in the hospital when you hear that a neighbor has just arrived in the ER for treatment after a car crash.  You should
    • A. 

      Contact the neighbor's spouse to alert him or her about the accident.

    • B. 

      Do nothing and pretend you don't know about it.

    • C. 

      Tell the charge nurse in the ER that you know how to reach the patient's spouse and offer the information if it's needed.

  • 12. 
    Which of the following are some common features designed to protect confidentiality of health information contained in patient medical records?
    • A. 

      Locks on medical records rooms

    • B. 

      Passwords to access computerized records

    • C. 

      Rules that prohibit employees from looking at records unless they have a need to know

    • D. 

      All of the above

  • 13. 
    Confidential information must not be shared with another unless the recipient has:
    • A. 

      An OK from a doctor

    • B. 

      The need to know

    • C. 

      Permission from appropriate authority in the facility

    • D. 

      All of the above

  • 14. 
    Which of the following is the appropriate person with whom to share patient information even if the patient has NOT specifically authorized the release of information to the individual?
    • A. 

      A former physician of the patient who is concerned about the patient.

    • B. 

      A colleague who needs information about the patient to provide proper care.

    • C. 

      A friend of the patient.

    • D. 

      A pharmaceutical salesman who is offering a fee for a list of patients to whom he could send a free sample of his product.

  • 15. 
    What is the standard for accessing patient information?
    • A. 

      A need to know for the performance of your job.

    • B. 

      If a physician asks you the diagnosis of a patient.

    • C. 

      Just because you are curious.

    • D. 

      You are a relative of the patient.

  • 16. 
    Can you access your own medical record via the computer system?
    • A. 

      True

    • B. 

      False

  • 17. 
     Patients have a right to access their health information.
    • A. 

      True

    • B. 

      False

  • 18. 
    Confidentiality and privacy are important concepts in healthcare because:
    • A. 

      They help protect healthcare facilities from lawsuits.

    • B. 

      They allow patients to feel comfortable sharing information with their doctors.

    • C. 

      They avoid the confusion of having people other than a physician distributing information about a patient.

    • D. 

      Both A & B.

  • 19. 
    You are approached by an individual who tells you that he is here to work on the computers and wants you to open a door for him or point the way to a workstation.  How do you respond to this request?
    • A. 

      Provide him with the information or access he needs.

    • B. 

      Ask him who at the facility has hired him and refer him to that person for assistance.

    • C. 

      Call the police.

  • 20. 
    When is the patient’s written authorization to release information required?
    • A. 

      In most cases, when patient information is going to be shared with anyone for reasons other than treatment, payment or healthcare operations.

    • B. 

      Upon admission to a facility.

    • C. 

      When patient information is to be shared among two or more clinicians.

    • D. 

      When patient information is used for billing to a private insurer.