Which of these statements accurately reflects the definition of protected health information (PHI)?

Question 1 - The acronym HIPAA stands for:

  • Health Insurance Premium Administration Act
  • Health Information Portability and Accountability Act
  • Answer:  Health Insurance Portability and Accountability Act
  • Health Information Profile and Accountability Act


Question 2 - The requirements of HIPAA Privacy include all of the following EXCEPT:

  • Answer:  Putting firewalls on all internet connections
  • Designating a privacy officer
  • Business Associate contracts
  • Policies, procedures and systems
  • Ongoing training for staff and agents


Question 3 - All of the below are benefits of Electronic Transaction Standards EXCEPT:

  • Answer:  Transaction rebates back to submitter
  • Decreased administrative costs
  • Accurate and timely processing
  • Elimination of the inefficiencies of handling paper documents
  • Improvement of overall data quality
  • Streamlining business-to-business transactions

Question 4 - The Security Rule allows covered entities and Business Associates to take into account all of the following EXCEPT:

  • Answer:  Their corporate status
  • Their size, complexity and capabilities
  • Their technical infrastructure, hardware and software security capabilities
  • The costs of security measures
  • The probability and critical nature of potential risks to ePHI
  • Their access to and use of ePHI


Question 5 - Which of these statements accurately reflects the definition of PHI?

  • PHI does not include protected health information in transit
  • PHI does not include a physician's handwritten notes about the patient's treatment
  • PHI does not include data that is stored or processed
  • Answer:  PHI includes protected health information stored on any form of media

Question 6 - The Omnibus Rule was meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act and the GINA Act, as well as finalizing, clarifying and providing detailed guidance on many previous aspects of HIPAA.

  • Answer:  True


Question 7 - Which of the following is a Technical Security?

  • Answer:  Passwords

  • Training - this is an administrative security
  • Locked media storage cases - this is a physical security
  • Designating a security officer - this is an administrative security

Question 8 - Business Associates must comply with HIPAA Privacy:

  • If the organization consists of more than 5 individuals
  • If they store protected health information in electronic form
  • Answer:  If they routinely use, create or distribute protected health information on behalf of a covered entity
  • If they are considered a covered entity under HIPAA


Question 9 - Which of the following is NOT true regarding a Business Associate contract:

  • Is required between a Covered Entity and Business Associate if PHI will be shared between the two
  • Is a written assurance that a Business Associate will appropriately safeguard PHI they use or have disclosed to them from a covered entity
  • Defines the obligations of a Business Associate
  • Can be either a new contract or an addendum to an existing contract 
  • Answer:  Is optional depending on types of PHI received


Question 10 - Penalties for non-compliance can be which of the following types:

  • Civil and accidental
  • Criminal and incidental
  • Accidental and purposeful
  • Answer:  Civil and criminal


Question 11 - All of the following are ePHI, EXCEPT:

  • Electronic Medical Records (EMR)
  • Computer databases with treatment history
  • Answer:  Paper medical records - the e in ePHI stands for electronic
  • Electronic claims


Question 12 - An authorization is required for which of the following:

  • Medical referrals
  • Treatment, payments and operations
  • Answer:  Non-routine disclosures
  • Where required by law enforcement



Question 13 - All of the following are part of the HITECH and Omnibus Act updates, EXCEPT:

  • Increased penalties and enforcement
  • Expanded privacy guards for individuals
  • Direct enforcement of Business Associates
  • Answer:  Ability to sell PHI without an individual's approval
  • Breach notification of unsecured PHI
  • Business Associate contract required


Question 14 - The Administrative Simplification section of HIPAA consists of standards for the following areas, EXCEPT:

  • Transactions, code sets, identifiers
  • Privacy
  • Security
  • Answer:  Insurance Reform


Question 15 - If a Business Associate discovers PHI was improperly used or disclosed, what are they obligated to do?

  • Notify the Department of Health and Human Services
  • Notify the individuals whose PHI was improperly used or disclosed
  • Answer:  Notify the covered entity
  • Notify the local police department

What is PHI (Protected Health Information)?

Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate ...

What are examples of PHI (Protected Health Information)?

Examples of PHI:

  • Patient names
  • Addresses — in particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes
  • Dates — including birth, discharge, admittance, and death dates
  • Telephone and fax numbers
  • Email addresses

Which of the following is an example of Protected Health Information?

Which of the following is an example of Protected Health Information (PHI)? Explanation of benefits from a health insurance company.

Where is PHI defined?

Protected health information is defined in the Code of Federal Regulations and applies to health records, but not to education records, which are covered by other federal regulations, nor to records held by a HIPAA-covered entity related to its role as an employer.