HIPPA Quiz

Healthcare providers, Health plans, Healthcare clearing houses. Tech companies , Cloud service providers, and Anyone with access to PHI are called covered entities :

False

Healthcare providers are any provider of medical or other health services or any organization or person who transmits health information in electronic form, This includes organizations and individuals who provide billing service or are paid in connection to services in the course of doing business:

True

An example of a physical safeguard would be keeping all patient files in a locked room that all personnel have access to

False

False

A healthcare clearinghouse is any individual or group plan that provides or pays cost of healthcare services, such as an HMO, an insurance company, and medicaid and medicare :

It is acceptable to leave PHI on voice messages

False

Per HITECH regulations , business associates are now legally required to be compliant with the HITECH act. This includes assuming financial liability for any and all data breaches caused by their organization or employees:

True

Covered entities are not required by law to provide patients with copy of their privacy policy upon request :

False

A) protection and privacy of PHI

B) portability of insurance

C) prevention of discrimination

D) standaradization and efficiency in health data

E) All of above (answer)

The health insurance portability and accountability act of 1996 (HIPAA) provides:

HIPAA covers all forms of PHI, including electronic, paper, and even oral/ spoken:

True

A heath plan is:

Any individual or group plan that provides or pays the cost of healthcare services, such as HMO, and insurance company, and medicaid and medicare

An example of an administrative safeguard would be allowing only office managers to send protected health information in electronic form

True

Examples of technical safeguard would be using data encryption and also shared passwords to better protect files from unauthorized access.

False

When referring a patient to another healthcare provider, you do not need written authorization from the patient to share their health necessary for treatment purposes :

False

You see one of your colleagues at lunch and she tells you about an interesting case that she observed in the clinic, After lunch you decide to access the patient’s medical records to enhance your learning experience, Because it is for educational purposes, this access of information is okay :

False

If a patient wants a copy of their medical records and other health information, they:

May have to put their request in writing and pay for the cost of copying and mailing.

Human/ employee error accounts for a large number of healthcare data breaches

True

Which of the following is considered a business associate?

Suppliers and maufacturers with access to Phi and ephi

PHI cannot be used to commit any types of fraud and/ or identity theft

False

You just received a strange looking email in your work email account; what do you?

all of the above

HIPAA law covers all PHI in electronic formats (also known as ePHI) This includes only some specific socal media platforms

False