1.
Privacy, confidentiality, and electronic security are important concepts to Rush because:
Correct Answer
D. All of the listed responses.
Explanation
Privacy, confidentiality, and electronic security are important concepts to Rush because they allow patients to feel comfortable sharing information with their caregivers. This is crucial for building trust and ensuring open communication between patients and healthcare providers. Additionally, these concepts demonstrate Rush's commitment to protecting the privacy and security of patient information, which is essential in maintaining patient confidentiality and complying with legal and ethical standards. By prioritizing privacy, confidentiality, and electronic security, Rush can continue to provide excellent patient care while respecting patients' rights and maintaining their trust.
2.
Which of the following examples is NOT a common work practice that protects the confidentiality of patient information?
Correct Answer
B. Limiting the number of visitors who can see a patient.
Explanation
Limiting the number of visitors who can see a patient is not a common work practice that protects the confidentiality of patient information. While the other options mentioned, such as keeping records locked when not in use, limiting access to patient records, and logging out of patient information systems, all focus on restricting access to patient information, limiting the number of visitors does not directly address the protection of patient confidentiality.
3.
All patient requests for restrictions or amendments must be forwarded immediately to the Rush Privacy Office.
Correct Answer
A. True
Explanation
The statement indicates that all patient requests for restrictions or amendments should be immediately sent to the Rush Privacy Office. This suggests that the organization has a policy in place to handle such requests and prioritize patient privacy. Therefore, the answer "True" implies that the organization follows this practice.
4.
The HIPAA Privacy and Security regulations give patients federal rights concerning their protected health information.
Correct Answer
A. True
Explanation
The HIPAA Privacy and Security regulations are designed to protect patients' rights regarding their protected health information. These regulations ensure that patients have control over their personal health information and have the right to access, request corrections, and limit the disclosure of their information. By implementing these regulations, patients are given federal rights to maintain the privacy and security of their health information. Therefore, the statement that the HIPAA Privacy and Security regulations give patients federal rights concerning their protected health information is true.
5.
Which of the following is not a patient’s right under HIPAA?
Correct Answer
A. Right to receive a user ID and password for all electronic applications in which their information is stored.
Explanation
The right to receive a user ID and password for all electronic applications in which their information is stored is not a patient's right under HIPAA. HIPAA grants patients the right to access their information, the right to restrict their information, and the right to amend their information. However, it does not specifically guarantee the right to receive a user ID and password for electronic applications.
6.
Only employees who need to access patient records have a role in protecting patient privacy and confidentiality.
Correct Answer
B. False
Explanation
This statement is false because protecting patient privacy and confidentiality is not solely the responsibility of employees who need to access patient records. All employees, regardless of their role, have a role in protecting patient privacy and confidentiality. This includes following privacy policies and procedures, keeping patient information secure, and maintaining confidentiality in all aspects of their work. It is a collective responsibility to ensure patient privacy and confidentiality is maintained.
7.
Violations of the privacy, confidentiality, and electronic security of patient information can be reported by:
Correct Answer
D. All of the listed responses.
Explanation
All of the listed responses provide ways to report violations of privacy, confidentiality, and electronic security of patient information. Calling the Rush Privacy Hotline, contacting the Rush Privacy Office, and talking to one's supervisor are all valid and effective methods for reporting such violations. Therefore, the correct answer is that all of the listed responses are appropriate.
8.
All employees are obligated to do which of the following?
Correct Answer
D. All of the listed responses.
Explanation
The correct answer is "All of the listed responses." This means that all employees are required to complete annual HIPAA Privacy and Security Training, comply with all Rush HIPAA Privacy and Security policies, and report any violations of privacy, confidentiality, and electronic security of patient information.
9.
It is OK to share your user ID and passwords with a colleague if you are out of the office and won’t be using them.
Correct Answer
B. False
Explanation
Sharing user IDs and passwords with colleagues is not recommended, even if you are out of the office and won't be using them. This practice violates security protocols and increases the risk of unauthorized access to sensitive information. It is important to maintain confidentiality and protect personal and company data by not sharing login credentials with anyone.
10.
What questions should you ask yourself before looking at a patient’s protected health information?
Correct Answer
D. All of the listed answers.
Explanation
Before looking at a patient's protected health information, it is important to ask yourself the following questions: What is the least amount of information I need to do my job? Do I have my own approved and valid user ID and password that would allow me to access this information? Do I need to know this information in order to do my job? By asking these questions, you ensure that you are accessing the information only when necessary and that you have the proper authorization to do so. Therefore, the correct answer is all of the listed answers.
11.
Rush must maintain and enforce HIPAA privacy and security policies and train all Medical Center employees on HIPAA privacy and security issues annually.
Correct Answer
A. True
Explanation
The statement is true because Rush, as a Medical Center, is required to adhere to HIPAA privacy and security policies. This includes maintaining and enforcing these policies to ensure the protection of patient information. Additionally, all employees must be trained annually on HIPAA privacy and security issues to ensure they are aware of the necessary protocols and procedures to maintain compliance.