HIPAA LESSONS 5 & 6 QUESTIONS AND
ANSWERS
The general rule is that if a state law is less protective of the individual, then it takes
precedence over HIPAA. Conversely, if a state law is more protective of the individual
than HIPAA, then HIPAA takes precedence. - Answer-False
To find out more about your state's medical privacy laws and how they interact with
HIPAA, you can contact - Answer-Your local Department of Health and Human Services
Select all of the common areas that state laws may interact with HIPAA - Answer-
Breach notification requirements
Substance abuse
Patient consent
Sensitive Diagnosis
Consumer protections/opt-ins
Mental health
Under Texas HB 300, any organization conducting business in Texas that owns or
licenses computerized data that includes SPI (Sensitive Personal Information) not just
PHI must notify Texas residents if their information was breached - Answer-True
Each of the following are ways that Texas HB 300 expands individual privacy
protections beyond HIPAA EXCEPT: - Answer-Expands the definition of HIPAA
Minimum Necessary Disclosure
Each of the following are ways that California Confidentiality of Medical Information Act
(CMIA) expands individual privacy protections beyond HIPAA EXCEPT: - Answer-
Expanding scope of privacy to non-medical related information
All of the following are implications of non-compliance with HIPAA EXCEPT: - Answer-
Having to file a public notice of your no-compliance in the newspaper
The Privacy and Security rules specified by HIPAA are reasonable and scalable to
account for the nature of each organization's culture, size, and resources. Each
organization will determine its own private policies and security practices within the
context of the HIPAA requirements and its own capabilities and needs - Answer-True
What is the key to HIPAA compliance? - Answer-Education
When should you promote HIPAA awareness? - Answer-At the very beginning of the
compliance process
ANSWERS
The general rule is that if a state law is less protective of the individual, then it takes
precedence over HIPAA. Conversely, if a state law is more protective of the individual
than HIPAA, then HIPAA takes precedence. - Answer-False
To find out more about your state's medical privacy laws and how they interact with
HIPAA, you can contact - Answer-Your local Department of Health and Human Services
Select all of the common areas that state laws may interact with HIPAA - Answer-
Breach notification requirements
Substance abuse
Patient consent
Sensitive Diagnosis
Consumer protections/opt-ins
Mental health
Under Texas HB 300, any organization conducting business in Texas that owns or
licenses computerized data that includes SPI (Sensitive Personal Information) not just
PHI must notify Texas residents if their information was breached - Answer-True
Each of the following are ways that Texas HB 300 expands individual privacy
protections beyond HIPAA EXCEPT: - Answer-Expands the definition of HIPAA
Minimum Necessary Disclosure
Each of the following are ways that California Confidentiality of Medical Information Act
(CMIA) expands individual privacy protections beyond HIPAA EXCEPT: - Answer-
Expanding scope of privacy to non-medical related information
All of the following are implications of non-compliance with HIPAA EXCEPT: - Answer-
Having to file a public notice of your no-compliance in the newspaper
The Privacy and Security rules specified by HIPAA are reasonable and scalable to
account for the nature of each organization's culture, size, and resources. Each
organization will determine its own private policies and security practices within the
context of the HIPAA requirements and its own capabilities and needs - Answer-True
What is the key to HIPAA compliance? - Answer-Education
When should you promote HIPAA awareness? - Answer-At the very beginning of the
compliance process
