HIPAA Overview Questions and Answers 100% Pass

Which of the following would be considered PHI?
A. An individual's first and last name and the medical diagnosis in a physician's progress report
B. Individually identifiable health information (IIHI) in employment records held by a covered entity (CE) in its role as an employer
C. Results of an eye exam taken at the DMV as part of a driving test
D. IIHI of persons deceased more than 50 years
Answer: A. An individual's first and last name and the medical diagnosis in a physician's progress report

Under HIPAA, a covered entity (CE) is defined as:
A. A health plan.
B. A health care clearinghouse.
C. A health care provider engaged in standard electronic transactions covered by HIPAA
D. All of the above
Answer: The correct answer is D. Under HIPAA, a CE is a health plan, a health care clearinghouse, or a health care provider engaged in standard electronic transactions covered by HIPAA.

Select the best answer. The HIPAA Privacy Rule applies to which of the following?
A. PHI transmitted orally
B. PHI in paper form
C. PHI transmitted electronically
D. All of the above
Answer: The correct answer is D. The HIPAA Privacy Rule applies to PHI that is transmitted or maintained by a covered entity or a business associate in any form or medium.

An incidental use or disclosure is not a violation of the HIPAA Privacy Rule if the covered entity (CE) has:
A. Implemented the minimum necessary standard
B. Established appropriate administrative safeguards
C. Established appropriate physical and technical safeguards
D. All of the above
Answer: The correct answer is D. An incidental use or disclosure is an unintended use or disclosure that occurs as a result of another use or disclosure that is permitted by the HIPAA Privacy Rule.
Uses or disclosures that occur when carrying out a use or disclosure that is permitted or required by HIPAA are not considered a violation of the HIPAA Privacy Rule, provided that the CE has implemented the minimum necessary standard and established appropriate administrative, physical, and technical safeguards.

Select the best answer. Which of the following are true statements about limited data sets?
A. A limited data set is PHI that excludes 16 specific direct identifiers of the individual or relatives, employers or household members of the individual, as set forth in the HIPAA Privacy Rule and DoD's implementing issuance
B. A limited data set can be used or disclosed only for the purposes of research, public health or health care operations
C. When disclosing a limited data set, covered entities (CEs)/MTFs are required to obtain satisfactory assurances, in the form of a Data Use Agreement (DUA), signed by the recipient
D. All of the above
Answer: The correct answer is D. A limited data set is PHI that excludes specific direct identifiers of the individual or relatives, employers or household members of the individual. It can be used or disclosed only for the purposes of research, public health or health care operations. When disclosing a limited data set, CEs/MTFs are required to obtain satisfactory assurances, in the form of a DUA, signed by the recipient.

How should John advise the staff member to proceed?
A. John should advise the staff member to take the man's word for it and allow him to enter.
B. John should advise the staff member to deny the man's request and indicate that access cannot be gained without his ID badge
C. John should advise the staff member to have the man contact the help desk to assist him in gaining a temporary access card or another approved alternative means of access.
D. Both B and C
Answer: The correct answer is D.
This scenario illustrates a good example of a physical safeguard in the form of an access control to a secure area of the Valley Forge MTF. Pursuant to the HIPAA Security Rule, covered entities must maintain secure access (for example, facility door locks) in areas where PHI is located. Allowing an unidentified individual to bypass a security entrance in this scenario violates the HIPAA Security Rule and exposes the MTF and its patients to a potential breach situation.

Was this a violation of HIPAA security safeguards?
A. Yes
B. No
Answer: The correct answer is A - Yes. Thomas violated DoD's policy in downloading ePHI to a flash drive. As a result of this policy violation, Thomas put the ePHI of a significant number of Valley Forge MTF patients at risk and will be subject to disciplinary action consistent with Valley Forge MTF's workforce sanction policy. Both of these policies serve as good examples of administrative safeguards required by the HIPAA Security Rule. Further, this scenario presents additional risk in that the ePHI on the misplaced flash drive may not be encrypted. Under the HIPAA Security Rule, encryption is a technical safeguard that can protect ePHI at rest and through transmission. DoD covered entities should always utilize encryption when PII or PHI is

School, study and subject
- Institution: HIPAA
- Course: HIPAA
Document information
- Uploaded on: March 18, 2024
- Number of pages: 16
- Written in: 2023/2024
- Type: Exam
- Contains: Questions and answers