HIPAA Exam Questions with Verified
Solutions
What is HIPPA - ANSWER-It is short for Health Insurance Portability and Accountability
Act. Passed by Congress in 1996, HIPAA is a United States federal law that protects
the privacy and security of health information.
What Information is Protected? - ANSWER-HIPAA protects ALL personal health
information of a patient, including physical and mental health information, payment
information, and demographic information. It applies to all oral, written, and electronic
forms. Collectively, the information is referred to as protected health information, or PHI.
PHI can be used and disclosed by covered entities and business associates as long as
they remain compliant with HIPAA.
A HIPAA covered entity refers to a - ANSWER-person, agency, or practice that provides
treatment, payment, and operations in healthcare. Covered entities include:
Health plans (such as health insurance companies)
Healthcare clearinghousse (such as billing companies)
Healthcare providers (such as doctors, hospitals, laboratories, and pharmacies)
Covered entities need to access, use, and disclose protected health information (PHI) in
order to perform their job duties. Therefore, they must be compliant with HIPAA.
A business associate is a - ANSWER-separate entity that provides services to or on
behalf of the covered entity that may involve the use and disclosure of PHI.
A business associate agreement (BAA) must be in place between - ANSWER-covered
entities and their business associates. This contract defines the processes that will be
implemented and outlines the permissible uses and disclosures of PHI by the business
associate. A business associate may use or disclose PHI only as permitted or required
by the BAA or as required by law. If the business associate has a subcontractor, then
that subcontractor must also have and adhere to a BAA with the covered entity.
The HIPAA Privacy Rule went into effect - ANSWER-April 14, 2003. It protects the
confidentiality of patients' health data by regulating:
How PHI is used
To whom PHI is disclosed
How and where PHI is maintained
Under the HIPAA Privacy Rule, PHI regulations apply to all forms, including oral,
written, and electronic communications. - ANSWER-The HIPAA Privacy Rule:
Requires reasonable security measures to protect patients' health information
, Establishes accountability for use and release of PHI
Gives patients rights regarding their health information
The intent of the HIPAA Privacy Rule is to protect - ANSWER-the privacy of patients
seeking health care while simultaneously permitting important uses of health
information.
The Privacy Rule limits the - ANSWER-the use and disclosure of PHI and establishes
patient rights.
The Privacy Rule allows covered entities to analyze - ANSWER-their own needs and to
implement programs based on their own environment. However, it requires that all new
privacy policies and procedures are compliant with the Privacy Rule and monitored at
least annually.
The Privacy Rule also requires covered entities to develop processes to handle
complaints. The covered entity must identify - ANSWER-where individuals can submit
complaints. They must advise that complaints can also be submitted to the Secretary of
Health and Human Services (HHS), without fear of retaliation for submitting the
complaint.
"Minimum necessary" means that the - ANSWER-laboratory will use and disclose only
the minimum PHI necessary to accomplish its intended purpose, such as resulting the
requested test. The regulation recognizes that there are situations when all of the PHI
on a patient can be released. These include when:
Releasing PHI to another covered entity for treatment
Releasing PHI to the patient who is the subject of the information
A patient has signed an authorization to release the PHI
Required by law
Health information is considered de-identified if it cannot be used to identify an
individual. Other terms for de-identified health information are - ANSWER-anonymous,
aggregated, and scrubbed.
The Privacy Rule details the specific patient information that needs to be removed from
PHI for it to qualify as de-identified. Some examples include: - ANSWER-Names
Dates, such as birthdays
Geographic locations more specific than states
Telephone numbers
Social security numbers
Medical record numbers
Full face photos or comparable images
When PHI is de-identified, it is no longer considered protected. De-identified health
information should be used whenever - ANSWER-patient identification is unnecessary.
Solutions
What is HIPPA - ANSWER-It is short for Health Insurance Portability and Accountability
Act. Passed by Congress in 1996, HIPAA is a United States federal law that protects
the privacy and security of health information.
What Information is Protected? - ANSWER-HIPAA protects ALL personal health
information of a patient, including physical and mental health information, payment
information, and demographic information. It applies to all oral, written, and electronic
forms. Collectively, the information is referred to as protected health information, or PHI.
PHI can be used and disclosed by covered entities and business associates as long as
they remain compliant with HIPAA.
A HIPAA covered entity refers to a - ANSWER-person, agency, or practice that provides
treatment, payment, and operations in healthcare. Covered entities include:
Health plans (such as health insurance companies)
Healthcare clearinghousse (such as billing companies)
Healthcare providers (such as doctors, hospitals, laboratories, and pharmacies)
Covered entities need to access, use, and disclose protected health information (PHI) in
order to perform their job duties. Therefore, they must be compliant with HIPAA.
A business associate is a - ANSWER-separate entity that provides services to or on
behalf of the covered entity that may involve the use and disclosure of PHI.
A business associate agreement (BAA) must be in place between - ANSWER-covered
entities and their business associates. This contract defines the processes that will be
implemented and outlines the permissible uses and disclosures of PHI by the business
associate. A business associate may use or disclose PHI only as permitted or required
by the BAA or as required by law. If the business associate has a subcontractor, then
that subcontractor must also have and adhere to a BAA with the covered entity.
The HIPAA Privacy Rule went into effect - ANSWER-April 14, 2003. It protects the
confidentiality of patients' health data by regulating:
How PHI is used
To whom PHI is disclosed
How and where PHI is maintained
Under the HIPAA Privacy Rule, PHI regulations apply to all forms, including oral,
written, and electronic communications. - ANSWER-The HIPAA Privacy Rule:
Requires reasonable security measures to protect patients' health information
, Establishes accountability for use and release of PHI
Gives patients rights regarding their health information
The intent of the HIPAA Privacy Rule is to protect - ANSWER-the privacy of patients
seeking health care while simultaneously permitting important uses of health
information.
The Privacy Rule limits the - ANSWER-the use and disclosure of PHI and establishes
patient rights.
The Privacy Rule allows covered entities to analyze - ANSWER-their own needs and to
implement programs based on their own environment. However, it requires that all new
privacy policies and procedures are compliant with the Privacy Rule and monitored at
least annually.
The Privacy Rule also requires covered entities to develop processes to handle
complaints. The covered entity must identify - ANSWER-where individuals can submit
complaints. They must advise that complaints can also be submitted to the Secretary of
Health and Human Services (HHS), without fear of retaliation for submitting the
complaint.
"Minimum necessary" means that the - ANSWER-laboratory will use and disclose only
the minimum PHI necessary to accomplish its intended purpose, such as resulting the
requested test. The regulation recognizes that there are situations when all of the PHI
on a patient can be released. These include when:
Releasing PHI to another covered entity for treatment
Releasing PHI to the patient who is the subject of the information
A patient has signed an authorization to release the PHI
Required by law
Health information is considered de-identified if it cannot be used to identify an
individual. Other terms for de-identified health information are - ANSWER-anonymous,
aggregated, and scrubbed.
The Privacy Rule details the specific patient information that needs to be removed from
PHI for it to qualify as de-identified. Some examples include: - ANSWER-Names
Dates, such as birthdays
Geographic locations more specific than states
Telephone numbers
Social security numbers
Medical record numbers
Full face photos or comparable images
When PHI is de-identified, it is no longer considered protected. De-identified health
information should be used whenever - ANSWER-patient identification is unnecessary.
