Healthstream – HIPAA UPDATED
ACTUAL Questions and CORRECT
Answers
An organization that ______ must follow HIPAA:
- Sends PHI electronically
- Receives PHI electronically
- Uses a third-party vendor that sends PHI electronically
- Uses a third-party vendor that receives PHI electronically
- All of the above - CORRECT ANSWER - - All of the above
An organization that sends or receives PHI electronically or that uses a third-party vendor that
sends or receives PHI electronically must follow HIPAA.
Under HIPAA termination procedures:
- Protect electronic PHI from being corrupted
- Prevent ex-employees from accessing electronic PHI
- Ensure that backup copies of electronic PHI will be made
- Punish employees who do not follow administrative safeguards - CORRECT ANSWER -
- Prevent ex-employees from accessing electronic PHI
Under HIPAA:
- All employees should have physical access to electronic PHI
- All employees should have authorization to access electronic PHI
- Employees who need access to PHI should have physical access and authorization
, - None of the above - CORRECT ANSWER - - Employees who need access to PHI should
have physical access and authorization
Covered enmtities must comply with a patient's request to:
- Amend PHI
- Review and obtain a copy of PHI
- Restrict disclosure of PHI to providers involved in the patient's care
- All of the above - CORRECT ANSWER - - Review and obtain a copy of PHI
Patients can restrict disclosure of their treatment if it is of a personal nature. For example, they
can ask that the insureamce company not be told of their nicotine patch use:
- True
-False - CORRECT ANSWER - -False
This statement is only true of the patient pays the provider in full, out of pocket.
Laptops from a hospital were taken off-sire by employees. The laptops were stolen. They
contained PHI for over 400 patients. Who may be subject to fine or penalty?
- The hospital
- The employees, if they work for the hospital
- A business associate, if involved
- Any of the above - CORRECT ANSWER - - Any of the above
Any of these may be liable. Employees and business associates can now be subject to civil or
criminal penalty and/or fine.
ACTUAL Questions and CORRECT
Answers
An organization that ______ must follow HIPAA:
- Sends PHI electronically
- Receives PHI electronically
- Uses a third-party vendor that sends PHI electronically
- Uses a third-party vendor that receives PHI electronically
- All of the above - CORRECT ANSWER - - All of the above
An organization that sends or receives PHI electronically or that uses a third-party vendor that
sends or receives PHI electronically must follow HIPAA.
Under HIPAA termination procedures:
- Protect electronic PHI from being corrupted
- Prevent ex-employees from accessing electronic PHI
- Ensure that backup copies of electronic PHI will be made
- Punish employees who do not follow administrative safeguards - CORRECT ANSWER -
- Prevent ex-employees from accessing electronic PHI
Under HIPAA:
- All employees should have physical access to electronic PHI
- All employees should have authorization to access electronic PHI
- Employees who need access to PHI should have physical access and authorization
, - None of the above - CORRECT ANSWER - - Employees who need access to PHI should
have physical access and authorization
Covered enmtities must comply with a patient's request to:
- Amend PHI
- Review and obtain a copy of PHI
- Restrict disclosure of PHI to providers involved in the patient's care
- All of the above - CORRECT ANSWER - - Review and obtain a copy of PHI
Patients can restrict disclosure of their treatment if it is of a personal nature. For example, they
can ask that the insureamce company not be told of their nicotine patch use:
- True
-False - CORRECT ANSWER - -False
This statement is only true of the patient pays the provider in full, out of pocket.
Laptops from a hospital were taken off-sire by employees. The laptops were stolen. They
contained PHI for over 400 patients. Who may be subject to fine or penalty?
- The hospital
- The employees, if they work for the hospital
- A business associate, if involved
- Any of the above - CORRECT ANSWER - - Any of the above
Any of these may be liable. Employees and business associates can now be subject to civil or
criminal penalty and/or fine.
