Data Privacy and Confidentiality VERIFIED 100% SOLUTIONS

Data Privacy and Confidentiality VERIFIED 100% SOLUTIONS Which of the following is true of the Health Insurance Portability and Accountability Act (HIPAA)? a. Provides a federal floor for healthcare privacy b. Duplicates state laws c. Does not need to be followed if it is not feasible to do so d. Duplicates Joint Commission standards - ANSWER a. Provides a federal floor for healthcare privacy Under the HIPAA Privacy Rule, an impermissible use or disclosure should be presumed to be a breach unless the covered entity or business associate demonstrates that the probability the PHI has been compromised is __________. a. High b. Moderate c. Low d. Non-existent - ANSWER c. Low Under the HIPAA Privacy Rule, which of the following is a covered entity category? a. Business associate b. Healthcare clearinghouse c. Physician office d. Document disposal company - ANSWER b. Healthcare clearinghouse Under usual circumstances, a covered entity must act on a patient's request to review or copy his or her health information within what time frame? a. 10 days b. 20 days c. 30 days d. 60 days - ANSWER c. 30 days The HIPAA Privacy Rule requires that covered entities limit use, access, and disclosure of PHI to the least amount necessary to accomplish the intended purpose. What concept is this? a. Minimum necessary b. Notice of privacy practice c. Authorization d. Consent - ANSWER a. Minimum necessary Which of the following should be included in a covered entity's notice of privacy practices? a. Description with one example of disclosures made for treatment purposes b. Description of one other purposes for which a covered entity is permitted or required to disclose PHI without consent or authorization c. Statement of the healthcare organization's rights d. Patient's signature and e-mail address - ANSWER a. Description with one example of disclosures made for treatment purposes Which of the following is true of the notice of privacy practices? a. It must be made available at the corporate headquarters b. It must be posted in a prominent place c. Its content cannot be changed d. It cannot be posted on the website - ANSWER b. It must be posted in a prominent place Which of the following statements is true? a. An authorization must contain an expiration date or event b. A consent for use and disclosure of information must be obtained from every patient. c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. d. A notice of privacy practices must give ten examples of a use or disclosure for healthcare operations. - ANSWER c. An authorization must be obtained for uses and disclosures for treatment, payment, and operations. In which of the following instances must patient authorization be obtained prior to disclosure? a. To an insurance company for payment b. To the patient's attorney c. To public health authorities as required by law d. To another provider for treatment - ANSWER a. To an insurance company for payment Which of the following is true about a facility's patient directory? a. A written authorization from the patient is required before any information about the patient is placed in a facility directory. b. Only the patient's name may be placed in a facility directory. c. The covered entity must inform the individual of the information to be included in the facility directory. d. Because this is considered a normal hospital operation, an individual may not prohibit his or her inclusion in the directory - ANSWER c. The covered entity must inform the individual of the information to be included in the facility directory. Which of the following statemen