HIPAA And Corporate Compliance For Stroger Students And Rotators

2.

Cook County Health and Hospital System (CCHHS) may use and disclose pHI without patient authorization for:

A. Treatment
B. Payment
C. Operations
A and C are correct
A, B, and C are correct

Correct Answer

A. A, B, and C are correct

Explanation

The correct answer is A, B, and C are correct. Cook County Health and Hospital System (CCHHS) is allowed to use and disclose Protected Health Information (PHI) without patient authorization for treatment, payment, and operations purposes. This means that they can access and share patient information within the healthcare system for providing medical care, processing payments, and conducting administrative activities necessary for the functioning of the hospital system.

Rate this question:

3.

An allowable incidental disclosure is:

A visitor ovehears two nurses discussing a patient's condition on the elevator
A therapist discusses the patient's clinical condition with the patient in a waiting room full of patients
A patient overhears the doctor speaking to another patient in a shared hospital room.
All of these examples are allowable incidental disclosures.

Correct Answer

A. A patient overhears the doctor speaking to another patient in a shared hospital room.

Explanation

All of the examples given involve incidental disclosures, which are unintentional disclosures of protected health information (PHI) that occur as a byproduct of a permitted use or disclosure. In this case, a patient overhearing the doctor speaking to another patient in a shared hospital room is considered an allowable incidental disclosure because it is not intentional and occurs in a setting where privacy cannot be fully maintained. However, it is important for healthcare providers to take reasonable steps to minimize incidental disclosures and protect patient privacy as much as possible.

Rate this question:

4.

Patients have the right to:

Request access to their own medical record
Request a revision to their medical record
Request and accounting of the disclosures that have been made
All of the above

Correct Answer

A. All of the above

Explanation

The correct answer is "All of the above" because patients have the right to request access to their own medical record, request a revision to their medical record, and request an accounting of the disclosures that have been made. These rights are essential for patients to have control over their medical information and ensure its accuracy and privacy.

Rate this question:

1

5.

At registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used.

True
False

Correct Answer

A. True

Explanation

The statement is true because it states that at registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used. This notice is a requirement under the Health Insurance Portability and Accountability Act (HIPAA) and ensures that patients are informed about their rights regarding the privacy and security of their health information. By providing this notice, healthcare providers are promoting transparency and giving patients the opportunity to make informed decisions about their healthcare.

Rate this question:

6.

It is ok to post patient information on a blog or social media site as long as CCHHS is not mentioned.

True
False

Correct Answer

A. False

Explanation

Posting patient information on a blog or social media site, even without mentioning CCHHS (Cook County Health and Hospitals System), is not acceptable. It is a violation of patient privacy and confidentiality. Healthcare providers are bound by laws and ethical standards to protect patient information and should never disclose it on public platforms.

Rate this question:

7.

Paper containing pHI can be disposed of in the regular trash

True
False

Correct Answer

A. False

Explanation

Paper containing PHI (Protected Health Information) cannot be disposed of in the regular trash because it contains sensitive and confidential information about individuals' health. Proper disposal of PHI is crucial to ensure privacy and prevent unauthorized access. HIPAA (Health Insurance Portability and Accountability Act) regulations require healthcare organizations to implement secure methods of disposal, such as shredding or incineration, to protect patient information. Therefore, the correct answer is False.

Rate this question:

8.

It is against CCHHS policy to access your own health information

True
False

Correct Answer

A. True

Explanation

According to the statement, it is against CCHHS (Cook County Health and Hospitals System) policy to access your own health information. This means that individuals are not allowed to access their own health records within the CCHHS system. Therefore, the answer is true.

Rate this question:

9.

If you suspect a privacy breach or you are aware of a privacy breach, you should:

Tell the employee they should not be breaching a patient's privacy.
Not worry about it because it is only one patient's information.
Report your concern to your supervisor and to Corporate Compliance
Call the patient and tell them you think their privacy was breached

Correct Answer

A. Report your concern to your supervisor and to Corporate Compliance

Explanation

If you suspect a privacy breach or are aware of one, it is important to report your concern to your supervisor and to Corporate Compliance. This is the correct course of action because it ensures that the appropriate authorities are made aware of the breach and can take appropriate action to address the situation. Telling the employee they should not be breaching a patient's privacy may not be sufficient in addressing the issue, as it may require further investigation and intervention. It is also not advisable to ignore the breach or contact the patient directly, as this may not be within your jurisdiction and could potentially complicate the situation further.

Rate this question:

10.

Which of the following is an example of proper password practice?

Share passwords with co-workers
Create a password using your name and birthdate so you can easily remember it.
Create a password that is difficult to guess and is not based on your personal information. Use upper and lower case letters, numbers, and other characters.
Write your password down and place the password next to your computer

Correct Answer

A. Create a password that is difficult to guess and is not based on your personal information. Use upper and lower case letters, numbers, and other characters.

Explanation

Creating a password that is difficult to guess and not based on personal information, while using a combination of upper and lower case letters, numbers, and other characters, is an example of proper password practice. This ensures that the password is strong and less vulnerable to hacking attempts. Sharing passwords with co-workers, using personal information in the password, and writing the password down and leaving it next to the computer are all examples of improper password practices that can compromise security.

Rate this question:

1

HIPAA And Corporate Compliance For Stroger Students And Rotators

Minimum Necessary means:

Quiz Preview

Cook County Health and Hospital System (CCHHS) may use and disclose pHI without patient authorization for:

An allowable incidental disclosure is:

Patients have the right to:

At registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used.

It is ok to post patient information on a blog or social media site as long as CCHHS is not mentioned.

Paper containing pHI can be disposed of in the regular trash

It is against CCHHS policy to access your own health information

If you suspect a privacy breach or you are aware of a privacy breach, you should:

Which of the following is an example of proper password practice?