CITI Training Exam Study Guide | 195 Questions with 100% Correct Answers

Privacy, in the health information context, refers to: - The rules about who can access health information, and under what circumstances. In the U.S., privacy protections for health information come from: - Federal, state, local, and private certification organizations' requirements With respect to permissions for uses and disclosures, HIPAA divides health information into three categories. Into which category do discussions with family members go? - Uses or disclosures that generally require oral agreement only. Under HIPAA, an organization is required to do which of the following? - Appoint a Privacy Officer to administer HIPAA rules. When patients receive a copy of an organization's privacy notice, why are they asked to sign an acknowledgment? - It shows they received it. Which of these is not a right under HIPAA? - To control all disclosures of information in the health record. HIPAA's "incidental uses and disclosures" provision excuses deviations from the minimum necessary standard. What is excused? - Truly accidental "excess" uses and disclosures, where reasonable caution was otherwise used and there was no negligence. When a privacy problem is discovered, which of the following is true? - Healthcare workers and patients are protected from intimidation or retaliation for reporting. What kinds of persons and organizations are affected by HIPAA's requirements? - Healthcare providers, health plans, and health information clearinghouses, as well as their business associates and by extension the workers for those organizations