HIPAA QUIZ Q&A
HIPAA (3) - Answer-- allows people to carry insurance from one employer to another
and to protect the privacy of their medical records while allowing the flow of information
in order to provide high quality health care
- HIPAA describes steps that must be taken to secure confidential electronic protected
health info from unintended disclosure through security breaches
- Limits the circumstances in which an individual's PHI (protected health information)
may be used or disclosed y many different organizations
Covered Entities (CEs) (3) - Answer-- Organizations that handle PHI as part of their
business e.g. doctors, dentists, hospitals, pharmacies, government programs that pay
for healthcare, behavioral health centers
- If you work for a CE, you must comply with HIPAA
- They're only allowed to release that info if you sign consent forms
HIPAA requires organizations to (8) - Answer-1. Provide a privacy notice that explains
their privacy policy
2. Safeguard individual's health information when we store or transmit it
3. Provide individuals access to their own health information as required by HIPAA
4. Obtain a valid, signed authorization form to disclose health information to third parties
5. Request, use, or disclose health information only as permitted by HIPAA
6. Provide training to employees on privacy policies and procedures
7. Keep records in a locked and secured setting
8. Shred rather than throw documents away
Business associates (BA) (3) - Answer-- Persons or entities who perform functions on
behalf of, or provide certain services to, a CE that involve PHI
- Responsible for carrying out contractual obligations and are directly liable for certain
HIPAA violations.
- All BAs must enter into a contract with a CE to ensure that they understand the
responsibility of safeguarding PHI
BA's responsibilities of safeguarding PHI (6) - Answer-• An answering service
• Billing company
• Shredding company
• Data warehouse
• Document storage vendor
• Accountants and lawyers
PHI - Answer-protected health information
Health information that is oral, electronic, or on paper and identifies or could be used to
identify an individual
, It is created or received by a healthcare provider, health plan, employer, or healthcare
clearing house and relates to:
- An individual's past, present, or future physical and mental health
- The provision of healthcare of an individual
- The past, present and future payment for healthcare that identifies an individual
HIPAA - Answer-Health insurance Portability and Accountability Act
Breaking of these rules can lead to - Answer-disciplinary actions and fines from $100
per offense up to $50 000. Can be fined for the same violation within a calendar year,
up to $1.5mill
4 tiers of penalties - Answer-Tier 1:
$100-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violator did not know about the violation
Tier 2:
$1k-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to reasonable cause
Tier 3:
$10k-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to willful neglect and was corrected within 30 days of
discovery
Tier 4:
$50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to willful neglect and was not corrected within 30 days
of discovery
Penalties vary depending upon (3) - Answer-- If you knew about the violation
- If it was committed more than once
- How quickly it was corrected
Exceptions to breaking confidentiality and disclosing PHI without an authorization (10) -
Answer-1. For treatment - with professional colleagues for the purpose of treatment -
the provision, coordination, or management of care and services including consultation
between 2 providers and referral to a provider
2. Payment - to receive payment or reimbursement for the provision of care and
services
3. Healthcare operations - includes quality assessment, case management and
coordination, supervision, accreditation, training, conducting or arranging for medical
reviews, audits or legal services including fraud and abuse detection and compliance
programs; insurance, businesss planning, development, management, administration
4. Communicable disease and adverse event reporting
HIPAA (3) - Answer-- allows people to carry insurance from one employer to another
and to protect the privacy of their medical records while allowing the flow of information
in order to provide high quality health care
- HIPAA describes steps that must be taken to secure confidential electronic protected
health info from unintended disclosure through security breaches
- Limits the circumstances in which an individual's PHI (protected health information)
may be used or disclosed y many different organizations
Covered Entities (CEs) (3) - Answer-- Organizations that handle PHI as part of their
business e.g. doctors, dentists, hospitals, pharmacies, government programs that pay
for healthcare, behavioral health centers
- If you work for a CE, you must comply with HIPAA
- They're only allowed to release that info if you sign consent forms
HIPAA requires organizations to (8) - Answer-1. Provide a privacy notice that explains
their privacy policy
2. Safeguard individual's health information when we store or transmit it
3. Provide individuals access to their own health information as required by HIPAA
4. Obtain a valid, signed authorization form to disclose health information to third parties
5. Request, use, or disclose health information only as permitted by HIPAA
6. Provide training to employees on privacy policies and procedures
7. Keep records in a locked and secured setting
8. Shred rather than throw documents away
Business associates (BA) (3) - Answer-- Persons or entities who perform functions on
behalf of, or provide certain services to, a CE that involve PHI
- Responsible for carrying out contractual obligations and are directly liable for certain
HIPAA violations.
- All BAs must enter into a contract with a CE to ensure that they understand the
responsibility of safeguarding PHI
BA's responsibilities of safeguarding PHI (6) - Answer-• An answering service
• Billing company
• Shredding company
• Data warehouse
• Document storage vendor
• Accountants and lawyers
PHI - Answer-protected health information
Health information that is oral, electronic, or on paper and identifies or could be used to
identify an individual
, It is created or received by a healthcare provider, health plan, employer, or healthcare
clearing house and relates to:
- An individual's past, present, or future physical and mental health
- The provision of healthcare of an individual
- The past, present and future payment for healthcare that identifies an individual
HIPAA - Answer-Health insurance Portability and Accountability Act
Breaking of these rules can lead to - Answer-disciplinary actions and fines from $100
per offense up to $50 000. Can be fined for the same violation within a calendar year,
up to $1.5mill
4 tiers of penalties - Answer-Tier 1:
$100-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violator did not know about the violation
Tier 2:
$1k-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to reasonable cause
Tier 3:
$10k-50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to willful neglect and was corrected within 30 days of
discovery
Tier 4:
$50k per violation up to a $1.5 million limit for the same violation within the calendar
year, where the violation was due to willful neglect and was not corrected within 30 days
of discovery
Penalties vary depending upon (3) - Answer-- If you knew about the violation
- If it was committed more than once
- How quickly it was corrected
Exceptions to breaking confidentiality and disclosing PHI without an authorization (10) -
Answer-1. For treatment - with professional colleagues for the purpose of treatment -
the provision, coordination, or management of care and services including consultation
between 2 providers and referral to a provider
2. Payment - to receive payment or reimbursement for the provision of care and
services
3. Healthcare operations - includes quality assessment, case management and
coordination, supervision, accreditation, training, conducting or arranging for medical
reviews, audits or legal services including fraud and abuse detection and compliance
programs; insurance, businesss planning, development, management, administration
4. Communicable disease and adverse event reporting
