HIPAA Test Review with Accurate Solutions
_____________ refers to who should have access to health information, what
constitutes the patient's rights to confidentiality, and what constitutes inappropriate
access to health records - ANSWER-privacy
Lane Hospital has a contract with Sani-Clean, a local company, to come into the
hospital to pick up the facility's linens for off-site laundering. Sani-Clean is: - ANSWER-
not a business associate because it does not use or disclose individually identifiable
health information
When a patient revokes authorization for release of information after a healthcare entity
has already released the information, the healthcare entity in this case: - ANSWER-is
protected by the privacy act
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was originally
established to achieve all of the following except - ANSWER-establish standard
terminology for EHRs
True or false? A covered entity is a health plan, healthcare clearinghouse, or healthcare
provider that stores confidential records. - ANSWER-false
Employees in the hospital's Patient Accounting office may have legitimate access to
patient health information without patient authorization based on what HIPAA standard /
principle? - ANSWER-minimum necessary
What is "Right to Accounting Disclosures" - ANSWER-patient's right to know who their
PHI has been released to
OCR (Office for Civil Rights) - ANSWER-Department of Health and Human Services
office that investigates patient reports of HIPAA violations & conducts CE audits
Notice of Privacy Practices (NPP) - ANSWER-published notice to patients of their
HIPAA rights
-must be acknowledged in writing once
-has to be signed first but not every visit on file for 6 years
NPP Must Include... - ANSWER--how PHI will be used and disclosed
-patients' rights including right to complain
-CE's responsibility to keep PHI private
-who patient can contact to get more info
"Uses" - ANSWER-PHI used within the CE
"Disclosures" - ANSWER-PHI shared outside CE
Patient Rights - ANSWER--notice of privacy practices (NPP)
-view/obtain copy of record
-request record to be amended
-obtain accounting disclosures
-communications be kept confidential
-request restrictions on access to their record
-submit complaints
Provider Responsibility - ANSWER--policies and procedures
-designate privacy officer and complaint recipient
-mitigate wrongful use and disclosure
-establish data safeguards
-prohibit against retaliation and waiver
-retain HIPAA documentation
Acknowledgment of Receipt of NPP - ANSWER-signature from patient indicating they
have been notified of their HIPAA rights
-I read, I understand it, I accept NPP
HIPAA Privacy Officer - ANSWER-individual within CE's organization who is responsible
for receiving patient complaints and assuring compliance with HIPAA regulations
-provider responsibility
Authorization - ANSWER-signed permission from the patient to permit release of his/her
PHI for uses other than TPO
Elements of Valid Authorization - ANSWER--names
-telephone numbers
-fax numbers
-e-mail addresses
-social security numbers
-medical record numbers
Incidental Uses and Disclosures - ANSWER-when a CE accidentally divulges PHI and
is not found guilty of a HIPAA violation
-EX. a doctor talking so loudly that the person in the next room over hears him
HIPAA Security - ANSWER-protections put into place to safeguard PHI
-EX. passwords, encryption