1. Covered entities are required to implement which of the following safeguards regarding electronic protected health information (PHI):
A. Physical safeguards to protect things like computer file servers and other physical file locations.
B. Technical safeguards such as password security, automatic logoff features and other security measures.
C. Administrative safeguards such as policies and procedures about protecting electronic PHI that should be followed by all workforce members at the organization.
D. All of the above.
2. When does state privacy law supersede HIPAA?
When state privacy law is more protective than HIPAA
3. Which of the following is NOT an example of physical security?
Data encryption
4. De-Identification refers to ensuring that all of the individually identifiable information is identified and included in any HIPAA standard transaction.
False
5. Within HIPAA how does Security differ from Privacy?
Security defines safeguards for ePHI versus Privacy which defines safeguards for PHI
6. The five titles under HIPAA fall logically into which two major categories:
Administrative Simplification and Insurance Reform
7. Which standard is for controlling and safeguarding of PHI in all forms?
Privacy Standards
8. Within HIPAA how does Security differ from Privacy?
Security defines safeguards for ePHI versus Privacy which defines safeguards for PHI
9. Which of these statements accurately reflects the definition of protected health information (PHI)?
A. PHI does not include PHI in transit.
B. PHI does not include a physician's handwritten notes about the patient's treatment.
C. PHI does not include data that is stored or processed.
D. PHI includes PHI stored on any form of media.
10. Which of the following are requirements associated with the Notice of Privacy Practices?
All of the above
11. The HIPAA Security Rule is a technology neutral, federally mandated "floor" of protection whose primary objective is to protect the confidentiality, integrity, and availability of individually identifiable health information in electronic form when it is stored, maintained, or transmitted.
True
12. An authorization is required for which of the following?
Non-routine disclosures
13. Which law takes precedence when there is a difference in laws?
State law when it is more restrictive
14. Which of these entities could be considered a business associate?
All of the above
15. Who enforces HIPAA?
Department of Health and Human Services
16. The Security Rule allows covered entities and business associates to take into account:
All of the above
17. Of the following, which are implications of non-compliance with HIPAA?
All of the above
18. Which of the following statements is accurate regarding the "Minimum Necessary" rule in the HIPAA regulations?
Covered entities and business associates are required to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended or specified purpose.
What does PHI stand for?
Protected Health Information
19. The HIPAA Officer is responsible to train which group of workers in a facility?
a. Nursing staff, radiology department staff, laboratory staff, and medical staff
b. Housekeeping staff and maintenance staff
c. Office workers (medical records and business office/patient accounts staff)
d. a and c
e. a, b, and c
20. Covered Entities may also use or disclose PHI without authorization in the following circumstances EXCEPT:
A. Emergencies involving imminent threat to health or safety (to the individual or the public)
B. Where required by law
C. Law enforcement
D. Medical research with information that identifies the individual
E. Public health activities
F. Workers' compensation