Sample Newsletter Download

Question 1 : Who is covered under HIPAA?
  1. Clearinghouses
  2. Healthcare providers that transmit standard transactions electronically
  3. Health plans
  4. All of the above
Question 2 : Tom, Brad and I were school mates and are very close friends. We go out for dinner every Friday, and we discuss our work incidents with each other. I tell them about the patients that I've been caring for. I never mention their names, so the patients are de-identified. That's okay, right?
  1. Yes
  2. No
  3. May be
Question 3 : What makes a good password?
  1. Using a wide range of characters
  2. Using mixed case in words
  3. Using mnemonics to help you remember passwords
  4. None of the above
  5. All of the above
Question 4 : What does "minimum necessary" mean?
  1. I am only expected to complete the minimum requirements of my job.
  2. A workforce member's access to PHI is limited to only what is required to perform his/her job responsibilities.
  3. Requests for use and disclosures of PHI are limited to what is needed to perform the task.
  4. A medical center is no longer allowed to provide information about patients to the media under any circumstances.
  5. b and c
Question 5 : Over the past one year, John has collected many sheets of paper which contain patient names and other identifiable health information. He wants to get rid of some of that paper. What should John do?
  1. Use it as rough paper.
  2. Throw it in the dustbin.
  3. Destroy it or put it in the Shredder
  4. Any of the above
Question 6 : Jim is an employee of the medical center's Environmental Services department. One day, when he was working in the Emergency Room, he saw an ambulance bringing his neighbor, Scott, into the medical center. He heard someone say that Scott met with a severe accident and is being taken to the Operating Room. Scott's wife also works for the medical center in another department Jim should call Scott's wife right away and tell her that he is in the Emergency Room.
  1. True
  2. False
Question 7 : Workforce member tries to log-in to the computer three times. Each time, a message box tells him/her that his/her password is incorrect. What should he do?
  1. Ask a co-worker to log-in for him/her.
  2. Try different combinations of letters and numbers. Maybe one of them will work.
  3. Call the Help Desk.
  4. Notify his/her supervisor.
Question 8 : Are Consents and Authorizations the same?
  1. Yes. They can be used interchangeably.
  2. No. Consents are used to get the patient's permission to use or disclose health information for treatment, payment or business operations. Authorizations are used to obtain permission to disclose PHI for activities outside the realm of treatment, payment or business operations.
Question 9 : Sam has a personal laptop at home, which he sometimes use to check his official email on the weekends. However, he never save files containing PHI onto his laptop. Does it still need to be encrypted?
  1. No, because he rarely uses his personal laptop for business
  2. Yes, because he accesses his official emails, which may result in files automatically downloading to his laptop, without his knowledge
  3. No, because he doesn't save files containing PHI on his laptop
Question 10 : What should they do?
  1. Ask one of the people nearby for an opinion on the case being discussed.
  2. Stop talking about the case and move to a private location where their discussion cannot be overheard
  3. Announce that they are talking about private information that contains PHI and so they shouldn't listen.
  4. Try to check with the people, if somebody knows that patient and about his medical condition.
Question 11 : Who enforces HIPAA law?
  1. OCR - Office for Civil Rights of the Department of Health and Human Services
  2. OIG - Office of the Inspector General
  3. CDC - Centers for Disease Control
  4. CMS - Centers for Medicare and Medicaid Services
Question 12 : Which safeguard of HIPAA Security Rule addresses the development of policies and procedures for e-PHI security?
  1. Technical
  2. Physical
  3. Administrative
Question 13 : Impermissible disclosure of PHI that compromises the security or privacy of the patient is defined as ________________.
  1. Notice of Privacy Practices
  2. Breach
  3. Data Security
  4. Incident
Question 14 : All workforce members who are not involved in a patient's care are allowed to review the patient's chart in a doctor's office out of curiosity.
  1. Yes. It is allowed, as long as the contents are not discussed publically.
  2. No. Viewing a medical record is not allowed under HIPAA by a workforce member out of curiosity. Only those healthcare providers involved in the patient's care should review the record, as needed for that care.
Question 15 : Patient's PHI is used for patient registration and coding purposes. This is allowed under which use and disclosure allowed category for release of PHI.
  1. Treatment
  2. Payment
  3. Operations
  4. All of the above