HIPAA / Human Subjects Research

Approved & Edited by ProProfs Editorial Team
By Marklichengwu
Questions: 8 | Attempts: 51



Questions and Answers
  • 1. Which of the following is correct?

    • A. HIPAA refers to federal oversight of laboratory management.
    • B. HIPAA stands for, "Health Insurance Portability and Accountability Act".
    • C. HIPAA has been in effect since 1990.
    • D. Only university hospitals, and not private hospitals, are required to abide by HIPAA.

    Correct Answer
    B. HIPAA stands for, "Health Insurance Portability and Accountability Act".
    Explanation
    HIPAA, the "Health Insurance Portability and Accountability Act", was enacted relatively recently, in 1996. The main goals are to ensure that medical information for patients is secure and can be transported between different institutions more effectively, ideally electronically. All medical establishments must adhere to HIPAA. Federal oversight of laboratory management falls under CLIA '88, which is a separate issue from HIPAA.


  • 2. Which of the following regarding PHI is true?

    • A. PHI stands for, "Personalized Health Information".
    • B. PHI includes: name, face, social security number, phone number, medical record number, first and last initials.
    • C. Any datum or characteristic that reasonably can be used to identify a patient is considered PHI.
    • D. Any diagnostic information can be considered PHI even if unique identifying data is deleted.

    Correct Answer
    C. Any datum or characteristic that reasonably can be used to identify a patient is considered PHI.
    Explanation
    PHI stands for, "Protected Health Information", and includes anything that can reasonably be used to identify a patient. There are at least 17 items, including obvious items, such as name, social security number, and medical record number, and obscure items such as accession numbers used in surgical pathology, cities, and date of birth, but not simply initials.


  • 3. Which of the following violates HIPAA?

    • A. Placing medical reports in the regular garbage.
    • B. Calling for a patient's name in the waiting room.
    • C. Using personal email accounts to send emails regarding patients to a physician.
    • D. Handing a prescription refill to the patient's significant other.

    Correct Answer
    A. Placing medical reports in the regular garbage.
    Explanation
    Everyone must be constantly aware of HIPAA, so that we can maintain the privacy of patients to the best of our ability. Paper documents must be shredded and kept away from the regular garbage. Sometimes it is impossible to avoid using patient information, such as calling for a patient's name in the waiting room. If possible, address the patient with their surname only. It is dangerous to use personal email accounts instead of corporate accounts to send email. However, as long as the recipient is the intended recipient, there is no violation of HIPAA. Ideally, patients should formally designate who has HIPAA privileges, but it is reasonable to assume that if the patient is married, and has sent the spouse to pick up medication, the medication can be handed to the spouse provided that the spouse can confirm PHI regarding the patient.


  • 4. A physician reads the electronic medical record of a patient. An auditor discovers this occurrence and determines that this physician was not listed as a member of the patient's health care team.

    • A. This is not a violation of HIPAA because the physician actually is a member of the health care team.
    • B. Such an innocent violation of HIPAA is common and does not warrant punishment.
    • C. If this is an innocent HIPAA violation, the fine is $10.
    • D. If the physician knowingly and maliciously violated HIPAA, the physician will go to jail.

    Correct Answer
    D. If the physician knowingly and maliciously violated HIPAA, the physician will go to jail.
    Explanation
    Unfortunately, HIPAA violations are ridiculously common. Know that the punishment for an innocent violation is $100 for the first occurrence. Intentional violations can invoke punishments that include dismissal or incarceration, depending upon the severity of the violation. It is important to document everything. Even if a physician is a patient, that physician cannot even look up their own results!


  • 5. What can be done to prevent HIPAA violations?

    • A. Leave everything out on your desk before leaving.
    • B. Log in to your terminal each time before leaving.
    • C. Bring everything home and vent about your day on social media.
    • D. Talk about patients in elevators, cafeterias, parking lots, and other public places.
    • E. Remove all identifiers if they are unnecessary.

    Correct Answer
    E. Remove all identifiers if they are unnecessary.
    Explanation
    Awareness is necessary to prevent HIPAA violations. Ask yourself, "Do I really need this information to do my job?" "How can I protect the privacy of the patient?" If you have a cluttered desk, chances are there is PHI somewhere. Take a few minutes at the end of the day to clean your desktop and ensure that all PHI is shredded, or at least hidden if it is necessary to retain it. Log off and lock your computer each time you leave your workstation, so that nobody can see what is on the screen while you are away. Clever violators will use your terminal if you are away and still logged in, so that you, and not the actual violator, will be assessed the HIPAA violation! Leave your work at work, unless your home has been approved by CLIA '88, which means that you have a federally approved office designated solely for work that is off limits to the remainder of the family. Always talk about patients in private to other health care members, never in public. Remove all identifiers if possible when performing research. Talk to your friends and family about work so that you are not at risk of suicide, but do not share any PHI. Only speak in general terms.


  • 6. Your administrative assistant just faxed a report to the wrong patient. Dang! What now?

    • A. Explain to the recipient that this report was sent in error, and read it to make sure.
    • B. Inform the intended recipient that there was a breach in confidentiality.
    • C. Blame the administrative assistant.
    • D. This was an exception to the Breach Notification Rule so don't worry about it.

    Correct Answer
    B. Inform the intended recipient that there was a breach in confidentiality.
    Explanation
    Sending information to the wrong email address or wrong fax number is a common HIPAA violation. These errors can be avoided. Never type in the recipient's email address box. This will autopopulate a similar but wrong address in the address box. Instead, click on the "To:" box to access the company directory. Use speed dial if possible to send faxes to other offices. When faxing to patients, double check the number! Always use a fax cover page that has a disclaimer stating that if the recipient is not the intended recipient, the document should not be read and should be destroyed. All mistakes that are made by your support staff are your shared responsibility. Use this opportunity to educate the assistant, not blame the assistant. If the assistant faxed the report to another physician and the physician immediately recognized the error and shredded the document, that is an exception to the Breach Notification Rule and does not need to be reported.


  • 7. Which password is best?

    • A. Kim_Khloe_Kourtney_Kardashian
    • B. 1111111
    • C. Password1
    • D. Fhudfpiu__$#$REsdkkx

    Correct Answer
    D. Fhudfpiu__$#$REsdkkx
    Explanation
    Passwords should be difficult to guess and difficult to reconstruct. Use a password generator to make passwords that contain gibberish, and that expire periodically so that you have to change the password. Never reuse passwords. Never use the same passwords for multiple accounts. Use a password manager to store passwords, and never share your passwords with anyone or write them down. Even better, use two-factor authentication. Set up your account to require the use of a password and a second step that must be confirmed by your smartphone.


  • 8. Which statement is correct?

    • A. Ransomware typically threatens to spread from one computer to another.
    • B. It is safe to plug your personal smartphone into your computer at work to charge your phone.
    • C. A malicious email that appears to be legitimate is a Trojan horse.
    • D. Worms insert themselves into a file and then spread to another computer.

    Correct Answer
    C. A malicious email that appears to be legitimate is a Trojan horse.
    Explanation
    Ransomware threatens to publicize stolen or locked data unless a ransom is paid. Use a wireless charger to charge your phone at work. Viruses and other malware can be transferred to and from your phone and computer via the USB cable. Worms, unlike viruses, can propagate without requiring host files. Trojan horses appear legitimate and trick users into visiting malicious websites or downloading malicious files. Examples of Trojan horses include emails with attachments or links that appear legitimate.


Quiz Review Timeline

  • Current Version
  • Apr 21, 2023: Quiz edited by ProProfs Editorial Team
  • Jun 27, 2020: Quiz created by Marklichengwu