HIPAA Quiz

1. Are members of the workforce who are not involved in a patient's care allowed to review the patient's chart out of curiosity?

Yes

No

Only workforce members who are involved in the patient's care are permitted to review the patient's chart without the patient's authorization. Reviewing the patient's chart merely out of curiosity would violate his/her privacy.

Explanation

Only workforce members who are involved in the patient's care are permitted to review the patient's chart without the patient's authorization. Reviewing the patient's chart merely out of curiosity would violate his/her privacy.

2. What can happen to a person who knowingly violates patient privacy for personal gain or malicious harm?

Disciplinary action

Loss of access privileges

Fines and penalties

Imprisonment

All of the above

3. Are Consents and Authorizations the same?

Yes. They can be used interchangeably.

4. Physical security includes which of the following?

Locking doors and desks

Keeping PHI out of view of those around you

Storing computer equipment safely

All of the above

Physical security involves common-sense steps to safeguard information from physical threats (e.g., theft). These steps include locking doors and desks, making sure that those around you cannot easily view PHI, and storing computer equipment safely and securely.

Explanation

Physical security involves common-sense steps to safeguard information from physical threats (e.g., theft). These steps include locking doors and desks, making sure that those around you cannot easily view PHI, and storing computer equipment safely and securely.

5. Protected health information that should be kept confidential includes a patient's:

Diagnosis, procedures received, lab results

Name, address, and social security number

Medical information stored electronically (in Browser, Siemens, Meditech, etc.)

All of the above

Protected health information is individually identifiable health information in any form (paper, electronic, oral) that is transmitted and/or stored by a covered entity or business associate.

Explanation

Protected health information is individually identifiable health information in any form (paper, electronic, oral) that is transmitted and/or stored by a covered entity or business associate.

6. Over the past two years, you've collected many, many sheets of paper that contain patient names and other identifiable health information. You'd like to get rid of some of this paper. What should you do?

Use it as scratch paper.

Throw it in the trashcan.

Destroy it/ shred it

7. Should I report a security or privacy violation?

No, that is a task for the police.

Yes, but only the really serious ones.

8. True or False? Under HIPAA, a patient has the following rights: a. To receive a Notice of Privacy Practices. b. To see or receive a copy of his/her protected health information (PHI) c. To request that his/her PHI be corrected. d. To ask for PHI to be sent to him/her at a different address or a different way. e. To request limits on how his/her PHI is used and disclosed. f. To receive a list of disclosures.

True

False

9. Unauthorized access is:

Access/disclosures of information that an employee or physician does not have the job responsibility to access or share

Prohibited and against the HIPAA Privacy Rule

All of the above

Unauthorized access is accessing information for which you do not have a job responsibility to access or share.

Explanation

Unauthorized access is accessing information for which you do not have a job responsibility to access or share.

10. You're an employee of the medical center's Environmental Services department. One day, when you're working in the Emergency Room, you see the ambulance bring in your neighbor, Bill. You hear someone say that Bill will be taken to the Operation Room. Bill's wife also works for the medical center in another department. True or False? You should call Bill's wife right away and tell her that he is in the Emergency Room.

True

False

False. Instead, tell the nursing staff that you know the patient and his wife. Let them know that you can help if they need to locate the patient's wife. Your neighbor has a right to privacy. If Bill is able to express his wishes, the ER staff will allow him to decide whom to notify that he is at the medical center.

Explanation

False. Instead, tell the nursing staff that you know the patient and his wife. Let them know that you can help if they need to locate the patient's wife. Your neighbor has a right to privacy. If Bill is able to express his wishes, the ER staff will allow him to decide whom to notify that he is at the medical center.

11. What are some things I can do to be more alert to Privacy and Security?

Keep it to yourself!

Activate screen saver with a password.

Improve your password strength and don't share it with anyone.

Make sure your Virus Scanner is enabled.

Do not install unauthorized software.

All of the above

12. As a healthcare worker, you may share PHI for:

Treatment

Payment

Healthcare operations

All of the above

Reason: HIPAA does not restrict healthcare workers from sharing PHI for treatment, payment, or healthcare operations. This includes using or disclosing PHI to properly care for a patient, ensure proper billing, and aid in quality-improvement efforts.

Explanation

Reason: HIPAA does not restrict healthcare workers from sharing PHI for treatment, payment, or healthcare operations. This includes using or disclosing PHI to properly care for a patient, ensure proper billing, and aid in quality-improvement efforts.

13. When discussing PHI in public places where your conversation can be overheard, try to:

Lower your voice.

Use non-generic terms.

Move to a more private area.

Both A and C

14. Who is covered under HIPAA?

Clearinghouses

Healthcare providers that transmit standard transactions electronically

Health plans

All of the above

15. What does "minimum necessary" mean?

I am only expected to complete the minimum requirements of my job

A workforce member's access to PHI is limited to only what is needed to perform his/her responsibilities.

Requests for and disclosures of PHI are limited to what is needed to perform the task.

A medical center is no longer allowed to provide information about patients to the media under any circumstances.

B and C

16. The Notice of Privacy Practices:

Explains how the medical center will use or disclose patients' protected health information.

Is a list of private physicians who practice at the medical center.

Describes how the medical center will protect the privacy of employee records.

17. A patient may inspect or copy his or her entire medical record except for:

Psychotherapy notes

Notes or information compiled for use in a civil, criminal, or administrative proceeding

Information that a licensed provider determines will likely endanger the life or safety of the patient or another person

All of the above

Reason: Patients have the right ot inspect and obtain copies of their medical records. HIPAA allows a few exceptions to this rule, including psychotherapy notes, information that may endanger patient or others, and information compiled for use in a civil, criminal, or administrative proceeding.

Explanation

Reason: Patients have the right ot inspect and obtain copies of their medical records. HIPAA allows a few exceptions to this rule, including psychotherapy notes, information that may endanger patient or others, and information compiled for use in a civil, criminal, or administrative proceeding.

18. When storing sensitive information on laptops and mobile devices you should:

Only do it sparingly

Not do it at all

Use encryption if you must store or transmit sensitive information

B or C

Sensitive electronic information should only be stored on laptops or mobile devices if it is encrypted.

Explanation

Sensitive electronic information should only be stored on laptops or mobile devices if it is encrypted.

HIPAA Quiz

1. Are members of the workforce who are not involved in a patient's care allowed to review the patient's chart out of curiosity?

2.

What first name or nickname would you like us to use?

2. What can happen to a person who knowingly violates patient privacy for personal gain or malicious harm?

3. Are Consents and Authorizations the same?

4. Physical security includes which of the following?

5. Protected health information that should be kept confidential includes a patient's:

6. Over the past two years, you've collected many, many sheets of paper that contain patient names and other identifiable health information. You'd like to get rid of some of this paper. What should you do?

7. Should I report a security or privacy violation?

9. Unauthorized access is:

11. What are some things I can do to be more alert to Privacy and Security?

12. As a healthcare worker, you may share PHI for:

13. When discussing PHI in public places where your conversation can be overheard, try to:

14. Who is covered under HIPAA?

15. What does "minimum necessary" mean?

16. The Notice of Privacy Practices:

17. A patient may inspect or copy his or her entire medical record except for:

18. When storing sensitive information on laptops and mobile devices you should: