HIPAA And Corporate Compliance For Stroger Students And Rotators

1.

Minimum Necessary means:
- A.
  
  Accessing PHI you need to know to do your job
- B.
  
  Accessing a medical record to find out about a neighbor's condition
- C.
  
  Telling a co-worker about the medical care of a patient who is also well known to the community
- D.
  
  None of these answers are correct
Correct Answer
A. Accessing PHI you need to know to do your job

Explanation
The concept of minimum necessary means that when accessing PHI (Protected Health Information), an individual should only access the information that is necessary for them to perform their job duties effectively. This principle ensures that the privacy of patients' medical information is protected and that only authorized personnel have access to the information they require to carry out their responsibilities. The other options mentioned in the question, such as accessing a medical record for personal curiosity or sharing patient information with a coworker without a legitimate need, would violate the principle of minimum necessary and compromise patient privacy.

Rate this question:
2.

Cook County Health and Hospital System (CCHHS) may use and disclose PHI without patient authorization for:
- A.
  
  A. Treatment
- B.
  
  B. Payment
- C.
  
  C. Operations
- D.
  
  A and C are correct
- E.
  
  A, B, and C are correct
Correct Answer
E. A, B, and C are correct

Explanation
The correct answer is A, B, and C are correct. Cook County Health and Hospital System (CCHHS) is allowed to use and disclose Protected Health Information (PHI) without patient authorization for treatment, payment, and operations purposes. This means that they can access and share patient information within the healthcare system for providing medical care, processing payments, and conducting administrative activities necessary for the functioning of the hospital system.

Rate this question:
3.

An allowable incidental disclosure is:
- A.
  
  A visitor ovehears two nurses discussing a patient's condition on the elevator
- B.
  
  A therapist discusses the patient's clinical condition with the patient in a waiting room full of patients
- C.
  
  A patient overhears the doctor speaking to another patient in a shared hospital room.
- D.
  
  All of these examples are allowable incidental disclosures.
Correct Answer
C. A patient overhears the doctor speaking to another patient in a shared hospital room.

Explanation
All of the examples given involve incidental disclosures, which are unintentional disclosures of protected health information (PHI) that occur as a byproduct of a permitted use or disclosure. In this case, a patient overhearing the doctor speaking to another patient in a shared hospital room is considered an allowable incidental disclosure because it is not intentional and occurs in a setting where privacy cannot be fully maintained. However, it is important for healthcare providers to take reasonable steps to minimize incidental disclosures and protect patient privacy as much as possible.

Rate this question:
4.

Patients have the right to:
- A.
  
  Request access to their own medical record
- B.
  
  Request a revision to their medical record
- C.
  
  Request and accounting of the disclosures that have been made
- D.
  
  All of the above
Correct Answer
D. All of the above

Explanation
The correct answer is "All of the above" because patients have the right to request access to their own medical record, request a revision to their medical record, and request an accounting of the disclosures that have been made. These rights are essential for patients to have control over their medical information and ensure its accuracy and privacy.

Rate this question:

1
0
5.

At registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True

Explanation
The statement is true because it states that at registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used. This notice is a requirement under the Health Insurance Portability and Accountability Act (HIPAA) and ensures that patients are informed about their rights regarding the privacy and security of their health information. By providing this notice, healthcare providers are promoting transparency and giving patients the opportunity to make informed decisions about their healthcare.

Rate this question:
6.

It is ok to post patient information on a blog or social media site as long as CCHHS is not mentioned.
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Explanation
Posting patient information on a blog or social media site, even without mentioning CCHHS (Cook County Health and Hospitals System), is not acceptable. It is a violation of patient privacy and confidentiality. Healthcare providers are bound by laws and ethical standards to protect patient information and should never disclose it on public platforms.

Rate this question:
7.

Paper containing PHI can be disposed of in the regular trash
- A.
  
  True
- B.
  
  False
Correct Answer
B. False

Explanation
Paper containing PHI (Protected Health Information) cannot be disposed of in the regular trash because it contains sensitive and confidential information about individuals' health. Proper disposal of PHI is crucial to ensure privacy and prevent unauthorized access. HIPAA (Health Insurance Portability and Accountability Act) regulations require healthcare organizations to implement secure methods of disposal, such as shredding or incineration, to protect patient information. Therefore, the correct answer is False.

Rate this question:
8.

It is against CCHHS policy to access your own health information
- A.
  
  True
- B.
  
  False
Correct Answer
A. True

Explanation
According to the statement, it is against CCHHS (Cook County Health and Hospitals System) policy to access your own health information. This means that individuals are not allowed to access their own health records within the CCHHS system. Therefore, the answer is true.

Rate this question:
9.

If you suspect a privacy breach or you are aware of a privacy breach, you should:
- A.
  
  Tell the employee they should not be breaching a patient's privacy.
- B.
  
  Not worry about it because it is only one patient's information.
- C.
  
  Report your concern to your supervisor and to Corporate Compliance
- D.
  
  Call the patient and tell them you think their privacy was breached
Correct Answer
C. Report your concern to your supervisor and to Corporate Compliance

Explanation
If you suspect a privacy breach or are aware of one, it is important to report your concern to your supervisor and to Corporate Compliance. This is the correct course of action because it ensures that the appropriate authorities are made aware of the breach and can take appropriate action to address the situation. Telling the employee they should not be breaching a patient's privacy may not be sufficient in addressing the issue, as it may require further investigation and intervention. It is also not advisable to ignore the breach or contact the patient directly, as this may not be within your jurisdiction and could potentially complicate the situation further.

Rate this question:
10.

Which of the following is an example of proper password practice?
- A.
  
  Share passwords with co-workers
- B.
  
  Create a password using your name and birthdate so you can easily remember it.
- C.
  
  Create a password that is difficult to guess and is not based on your personal information. Use upper and lower case letters, numbers, and other characters.
- D.
  
  Write your password down and place the password next to your computer
Correct Answer
C. Create a password that is difficult to guess and is not based on your personal information. Use upper and lower case letters, numbers, and other characters.

Explanation
Creating a password that is difficult to guess and not based on personal information, while using a combination of upper and lower case letters, numbers, and other characters, is an example of proper password practice. This ensures that the password is strong and less vulnerable to hacking attempts. Sharing passwords with co-workers, using personal information in the password, and writing the password down and leaving it next to the computer are all examples of improper password practices that can compromise security.

Rate this question:

0
0

HIPAA And Corporate Compliance For Stroger Students And Rotators

Minimum Necessary means:

Cook County Health and Hospital System (CCHHS) may use and disclose PHI without patient authorization for:

An allowable incidental disclosure is:

Patients have the right to:

At registration, patients are provided with a Notice of Privacy Practices that explains how their health information may be used.

It is ok to post patient information on a blog or social media site as long as CCHHS is not mentioned.

Paper containing PHI can be disposed of in the regular trash

It is against CCHHS policy to access your own health information

If you suspect a privacy breach or you are aware of a privacy breach, you should:

Which of the following is an example of proper password practice?