Under HIPAA, a covered entity (CE) is defined as: - ANSWER All of the above
Under HIPAA, a CE is a health plan, a health care clearinghouse, or a health care
provider engaged in standard electronic transactions covered by HIPAA.
The minimum necessary standard: - ANSWER All of the above
The minimum necessary standard limits uses, disclosures, and requests for PHI to
the minimum necessary amount of PHI needed to carry out the intended purposes of
the use or disclosure. The minimum necessary standard does not apply to
disclosures to, or requests by, a health care provider for treatment purposes. It also
does not apply to uses or disclosures made to the individual or pursuant to the
individual's authorization.
Which of the following would be considered PHI? - ANSWER An individual's first
and last name and the medical diagnosis in a physician's progress report
The HIPAA Privacy Rule applies to which of the following? - ANSWER All of the
above
The HIPAA Privacy Rule applies to PHI that is transmitted or maintained by a
covered entity or a business associate in any form or medium.
Which of the following statements about the HIPAA Security Rule are true? -
ANSWER All of the above
The HIPAA Security Rule: Established a national set of standards for the protection
of PHI that is created, received, maintained, or transmitted in electronic media by a
HIPAA CE or BA; protects ePHI; and addresses three types of safeguards -
administrative, technical and physical - that must be in place to secure individuals'
ePHI.
The HIPAA Security Rule applies to which of the following: - ANSWER PHI
transmitted electronically
Which of the following are fundamental objectives of information security? -
ANSWER All of the above
Confidentiality, Integrity, and Availability are the fundamental objectives of health
information security and the HIPAA Security Rule requires covered entities and
business associates to protect against threats and hazards to these objectives.
Technical safeguards are: - ANSWER Information technology and the associated
policies and procedures that are used to protect and control access to ePHI
If an individual believes that a DoD covered entity (CE) is not complying with
HIPAA, he or she may file a complaint with the: - ANSWER All of the above
, PAEDS REFRESHER TEST2024.
If an individual believes that a DoD CE is not complying with HIPAA he or she may
file a complaint with the DHA Privacy Office, HHS Secretary, and/or the MTF HIPAA
Privacy Officer.
Which of the following are categories for punishing violations of federal health care
laws? - ANSWER All of the above
The three main categories of punishment for violating federal health care laws
include: criminal penalties, civil money penalties, and sanctions.
Which HHS Office is charged with protecting an individual patient's health
information privacy and security through the enforcement of HIPAA? - ANSWER
Office for Civil Rights (OCR)
A covered entity (CE) must have an established complaint process. - ANSWER
True
Which of the following are examples of personally identifiable information (PII)? -
ANSWER All of the above
PII means information that can be linked to a specific individual and may include the
following: Social Security Number; DoD identification number; home address; home
telephone; date of birth (year included); personal medical information; or
personal/private information (e.g., an individual's financial data).
The e-Government Act promotes the use of electronic government services by the
public and improves the use of information technology in the government. -
ANSWER True
A Systems of Records Notice (SORN) serves as a notice to the public about a
system of records and must: - ANSWER All of the above
A SORN serves as a notice to the public about a system of records and must:
Specify routine uses (how the information will be used), be republished if a new
routine use is created, and be provided to OMB and Congress and published in the
Federal Register before the system is operational.
Under the Privacy Act, individuals have the right to request amendments of their
records contained in a system of records. - ANSWER True
A breach as defined by the DoD is broader than a HIPAA breach (or breach defined
by HHS). - ANSWER True
Which of the following are common causes of breaches? - ANSWER All of the
above
Breaches are commonly associated with human error at the hands of a workforce
member. Improper disposal of electronic media devices containing PHI or PII is also
a common cause of breaches. Theft and intentional unauthorized access to PHI and
PII are also among the most common causes of privacy and security breaches.