ODS HIPAA EXAM QUESTIONS & ANSWERS
1. HIPAA: The Health Insurance and Portability and Accountability Act protects individually identifiable health information
2. Under HIPAA what rights do patients have?: to see their own medical information and make a
request to amend information in the record
3. Under HIPAA what is put in place to protect patients?: Limits are set as to who can see
the patient's medical information
4. What can patients limit under HIPAA?: The ways in which medical info is communicated and/or
disclosed.
5. What can patients do if they believe their rights are being violated?: file complaints
6. Examples of covered entities: Health Plans - including health insurance companies, Health Maintenance
Organizations (HMOs), company health plans, and certain government programs that pay for health care, such
as Medicare and Medicaid.
Most Health Care Providers - those that conduct certain business electronically, such as electronically billing health
insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and
dentists.
Health Care Clearinghouses - entities that process nonstandard health information they receive from another entity into a
standard (i.e., standard electronic format or data content), or vice versa.
7. Covered entities: Health Plans, most Health care providers, Health Care Clearinghouses
8. Business associates: contractors, subcontractors, and other outside persons and companies that are not
employees of a covered entity
9. Examples of business associates include: -Companies that help doctors get paid for providing
health care, including billing companies and companies that process health care claims
-Companies that help administer health plans
-Outside lawyers, accountants, and IT specialists
-Companies that store or destroy medical records
10. Business associates (including subcontractors) must follow: the use and disclosure
provisions of their contracts and the Privacy Rule, and the safeguard requirements of the Security Rule.
11. What does HIPAA consider identifiable health information?: Condition of the patient,
Treatment of the patient & Billing
12. Information is considered individually identifiable if it identifies the
patient by: -Name
-Address
-Social Security Number (SSN)
-Telephone and fax numbers
-Email address
-Medical record number
-Medical history & treatment
-Dates of birth, admission, discharge, death
-Health plan beneficiary number
-Credit card account number
-Certificate/license number
-Any vehicle or other device serial number
-Web URL
-Internet Protocol (IP) address
-Finger or voiceprints
-Photographic images
-Financial information (insurance, credit/debit card numbers)
-Information that permits reasonable deduction to the patient's identity
13. Privacy Program: HIPAA mandates that covered entities designate a privacy official to develop and implement
policies for protecting privacy and handle questions and complaints. HIPAA also requires training of personnel.
14. Patient Rights: the right to be given a notice about the privacy practices of a covered entity, the right to
access PHI, and the right to file a complaint alleging a HIPAA violation without retaliation.
15. Security Safeguards: For electronic-PHI, the HIPAA Security Rule provides a detailed series of administrative,
physical, and technical requirements.
16. State Law: HIPAA does not preempt stronger state law protections in cases where a more protective state law is
in effect.
17. Limitations on Disclosure & Use: HIPAA requires that people authorize disclosure of their PHI