Question 1 - The acronym HIPAA stands for:
- Health Insurance Premium Administration Act
- Health Information Portability and Accountability Act
- Answer: Health Insurance Portability and Accountability Act
- Health Information Profile and Accountability Act
Question 2 - The requirements of HIPAA Privacy include all of the following EXCEPT:
- Answer: Putting firewalls on all internet connections
- Designating a privacy officer
- Business Associate contracts
- Policies, procedures and systems
- Ongoing training for staff and agents
Question 3 - All of the below are benefits of Electronic Transaction Standards EXCEPT:
- Answer: Transaction rebates back to submitter
- Decreased administrative costs
- Accurate and timely processing
- Elimination of the inefficiencies of handling paper documents
- Improvement of overall data quality
- Streamlining business to business transactions
Question 4 - The Security Rule allows covered entities and Business Associates to take into account all of the following EXCEPT:
- Answer: Their corporate status
- Their size, complexity and capabilities
- Their technical infrastructure, hardware and software security capabilities
- The costs of security measures
- The probability and critical nature of potential risks to ePHI
- Their access to and use of ePHI
Question 5 - Which of these statements accurately reflects the definition of PHI?
- PHI does not include protected health information in transit
- PHI does not include a physician's handwritten notes about the patient's treatment
- PHI does not include data that is stored or processed
- Answer: PHI includes protected health information stored on any form of media
Question 6 - The Omnibus Rule was meant to strengthen and modernize HIPAA by incorporating provisions of the HITECH Act and the GINA Act, as well as finalizing, clarifying and providing detailed guidance on many previous aspects of HIPAA.
Question 7 - Which of the following is a Technical Security?
- Training - this is an administrative security
- Locked media storage cases - this is a physical security
- Designating a security officer - this is an administrative security
Question 8 - Business Associates must comply with HIPAA Privacy:
- If the organization consists of more than 5 individuals
- If they store protected health information in electronic form
- Answer: If they routinely use, create or distribute protected health information on behalf of a covered entity
- If they are considered a covered entity under HIPAA
Question 9 - Which of the following is NOT true regarding a Business Associate contract:
- Is required between a Covered Entity and Business Associate if PHI will be shared between the two
- Is a written assurance that a Business Associate will appropriately safeguard PHI they use or have disclosed to them from a covered entity
- Defines the obligations of a Business Associate
- Can be either a new contract or an addendum to an existing contract
- Answer: Is optional depending on types of PHI received
Question 10 - Penalties for non-compliance can be which of the following types:
- Civil and accidental
- Criminal and incidental
- Accidental and purposeful
- Answer: Civil and criminal
Question 11 - All of the following are ePHI, EXCEPT:
- Electronic Medical Records (EMR)
- Computer databases with treatment history
- Answer: Paper medical records - the e in ePHI stands for electronic
- Electronic claims
Question 12 - An authorization is required for which of the following:
- Medical referrals
- Treatment, payments and operations
- Answer: Non-routine disclosures
- Where required by law enforcement
Question 13 - All of the following are part of the HITECH and Omnibus Act updates, EXCEPT:
- Increased penalties and enforcement
- Expanded privacy guards for individuals
- Direct enforcement of Business Associates
- Answer: Ability to sell PHI without an individual's approval
- Breach notification of unsecured PHI
- Business Associate contract required
Question 14 - The Administrative Simplification section of HIPAA consists of standards for the following areas, EXCEPT:
- Transactions, code sets, identifiers
- Privacy
- Security
- Answer: Insurance Reform
Question 15 - If a Business Associate discovers PHI was improperly used or disclosed, what are they obligated to do?
- Notify the Department of Health and Human Services
- Notify the individuals whose PHI was improperly used or disclosed
- Answer: Notify the covered entity
- Notify the local police department
What is PHI (Protected Health Information)?
Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate ...
What are examples of PHI (Protected Health Information)?
Examples of PHI:
- Patient names.
- Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.
- Dates — Including birth, discharge, admittance, and death dates.
- Telephone and fax numbers.
- Email addresses.
Which of the following is an example of Protected Health Information quizlet?
Which of the following is an example of Protected Health Information (PHI)? Explanation of benefits from a health insurance company.
Where is PHI defined?
Protected health information is defined in the Code of Federal Regulations and applies to health records, but not to education records, which are covered by other federal regulations, nor to records held by a HIPAA-covered entity in its role as an employer.