HIPAA/PHI Banditz Compliance Quiz

20 Questions

Annual HIPAA compliance validation


Questions and Answers
  • 1. 
    The client has requested that you create an instruction guide/cheat sheet on a process within Epic. What cannot be included in the guide?
    • A. 

      Epic terminology

    • B. 

      Epic field references

    • C. 

      Epic screenshots

    • D. 

      We're the best at making instruction guides for the client!

  • 2. 
    You lose your work phone at the airport. Your next steps would normally include all of the following except:  
    • A. 

      Call the police

    • B. 

      Fill out the lost item form

    • C. 

      Contact IT Support

    • D. 

      Call your supervisor or manager

  • 3. 
    HIPAA security and privacy regulations apply to:
    • A. 

      Attending physicians, nurses, and other healthcare professionals.

    • B. 

      Health information managers, information systems staff, and other ancillary personnel only.

    • C. 

      Anyone working in the facility.

    • D. 

      Only staff that have direct patient contact.

  • 4. 
    After working in the car on the ride home, you stop at Trader Joe's for groceries. The compliance-related consequence of these two actions is:
    • A. 

      You must remember to lock your computer in the trunk before you go into Trader Joe's

    • B. 

      It's ok to leave your computer in the car as long as no one is watching

    • C. 

      You should bring your computer into Trader Joe's with you

    • D. 

      You got all your work done and have groceries … Dinner time!

  • 5. 
     Copies of patient information may be disposed of in any garbage can in the facility.
    • A. 

      True

    • B. 

      False

  • 6. 
    Your co-worker ran to get lunch and forgot to lock his computer. The compliance-friendly response is to:
    • A. 

      Email Ken Jones and Joe Sneddon to let them know there was a violation

    • B. 

      Email your co-worker's supervisor notifying them of the mistake, but then lock his computer for him

    • C. 

      Lock his computer for him

    • D. 

      BOF him with a ridiculous email

  • 7. 
    Your friend from undergrad just got an offer from Huron and is asking for some details about the job on Facebook. What should you do?  
    • A. 

      Comment back. Facebook is your personal life.

    • B. 

      Any communication on social media needs to be prefaced with a disclaimer that this is your opinion only

    • C. 

      If this is a private Facebook message you can respond back since no one else will see it

    • D. 

      Tell your friend to ask you on Twitter instead

  • 8. 
    When filling out the client documentation sign-off form, which of the dates listed is not required: 
    • A. 

      The date you rolled out a new process

    • B. 

      The date you created draft process documentation

    • C. 

      The date you evaluated the client's current process

    • D. 

      The date you presented the final process documentation to your client

  • 9. 
    Huron Healthcare's compliance policy requires that project teams retain a number of project-related documents to mitigate potential legal risk. Which document is not required for retention?
    • A. 

      Project Quality Audit (QA) reports

    • B. 

      Updates provided to internal Huron Healthcare executive management

    • C. 

      Copy of Engagement MD Certification form signed by MD

    • D. 

      Internal team meeting agendas

  • 10. 
    Your coworker rented a sweet Jeep from National this week. Good news is you are riding in style! Bad news is:  
    • A. 

      You must lock your computer in the car

    • B. 

      You cannot lock your computer in the car because it does not have a fully enclosed trunk

    • C. 

      You must hide your laptop out of sight, like under the seat

    • D. 

      You can still lock your computer in the trunk

    • E. 

      None of the above

  • 11. 
    Your client counterpart sends you, several other Huron employees, and an outside vendor an entire ATB listing of EVERY patient currently in Accounts Receivable which contains: account numbers, addresses, Medical Record Numbers, first and last names, phone numbers, and admit and discharge dates as an upload on SecureFile. What is the absolute FIRST thing that you should do? 
    • A. 

      Panic, but then remove all PHI from the email and reply back to the client notifying them of the PHI violation and how to properly transmit PHI in the future

    • B. 

      Notify your supervisor

    • C. 

      Nothing, use the PHI if needed and then delete it

    • D. 

      Notify your director

  • 12. 
    When sending PHI in Outlook to your client, which answer is true?  
    • A. 

      Disable the auto-fill feature in Outlook so emails are not sent to the wrong person

    • B. 

      "PHI" must be included in the subject line of the email

    • C. 

      "[encrypt]" must be included in the subject line of the email

    • D. 

      I'm not allowed to send PHI via Huron Outlook on my current project

  • 13. 
    You received PHI via email from your client. Your immediate next steps are to:  
    • A. 

      Make the client upload the file to SecureFile

    • B. 

      Notify the client that this is not an appropriate way to send PHI

    • C. 

      Delete the PHI completely from your computer

    • D. 

      B and C

    • E. 

      All of the above

  • 14. 
    After receiving unencrypted PHI from the client, you are ready to fill out the PHI Violation Disclosure Form. You must include detailed information on all of the following except: 
    • A. 

      When the violation occurred

    • B. 

      Who conducted the violation

    • C. 

      That you informed the violator that it was not allowed

    • D. 

      The appropriate way to send PHI from client to Huron

  • 15. 
    When should we remove the PHI data from our computers and SharePoint sites?
    • A. 

      PHI data should not be stored unless we need it to complete an active project.

    • B. 

      PHI should always be destroyed once the project is completed or the data is no longer required to support the project objectives.

    • C. 

      PHI data can be stored as long as I need it

    • D. 

      A & B

    • E. 

      A, B, & C

  • 16. 
    Which of the following steps should you take to mitigate risk of laptop theft or loss of Huron data? 
    • A. 

      Use physical cable locks to lock down laptops at Huron offices and client sites

    • B. 

      Obtain privacy screens that limit viewing when traveling or working in open work areas

    • C. 

      Do not use another person’s logon name or credentials to access client or Huron systems at any time

    • D. 

      Lock your laptop with username/password when leaving it unattended

    • E. 

      All the above

  • 17. 
    The client sent you an Epic report from Reporting Workbench. Where can you save this file?
    • A. 

      Anywhere – Epic reports can be saved

    • B. 

      I can only save it on the client owned server

    • C. 

      I cannot save this file as it has Epic screenshots

    • D. 

      I can temporarily save it to complete my job and then delete it immediately

  • 18. 
    It is only necessary for Huron to complete the “Report to Huron of Possible HIPAA Compliance Issue” form if we are responsible for the security breach.  If the client is responsible, e.g., sends an email that contains PHI, it is the client’s responsibility to report the issue.
    • A. 

      True

    • B. 

      False

  • 19. 
    Due to the “auto-fill” feature in Outlook, you mistakenly email a confidential client document to a friend, rather than to the client whose name is (unfortunately) very similar.  What should you do? 
    • A. 

      Contact the friend and ask that he delete the email without reading it.

    • B. 

      Try to “recall” the message and determine whether the recall was successful.

    • C. 

      Report the disclosure immediately to Huron’s Chief Compliance Officer so that additional, required actions can be determined.

    • D. 

      Contact Huron IT.

    • E. 

      A and B

    • F. 

      All of the above

  • 20. 
    The client sent you a document containing a workflow outlining the new procedures within Epic with screenshots that the Epic IT contact sent along. Where can you save this file?
    • A. 

      Anywhere - I did not create this document

    • B. 

      I can save it on the client owned server

    • C. 

      I cannot save this file as it has Epic screenshots

    • D. 

      I need to save it to complete my job