An Authorization Is Required For Which Of The Following HIPAA

38 community-sourced questions and answers.

Community-sourced. Answers may be wrong or out of date. Always verify with your official training portal before submitting. Not affiliated with any branch, agency, or vendor.
QUESTION 1

Within HIPAA how does Security differ from Privacy?

ANSWER

Security defines safeguards for ePHI versus Privacy which defines safeguards for PHI

QUESTION 2

Covered Entities may also use or disclose PHI without authorization in the following circumstances EXCEPT: A. Emergencies involving imminent threat to health or safety (to the individual or the public) B. Where required by law C. Law enforcement D. Medical research with information that identifies the individual E. Public health activities F. Workers' compensation

ANSWER

D. Medical research with information that identifies the individual

QUESTION 3

Authorization is required for which of the following? A. Minimum necessary disclosures of PHI B. Non-routine disclosures of PHI C. Referrals D. Treatment

ANSWER

B. Non-routine disclosures of PHI

QUESTION 4

Penalties for non-compliance can be which of the following types? A. Civil and Accidental B. Criminal and Incidental C. Accidental and Purposeful D. Civil and Criminal

ANSWER

D. Civil and Criminal

QUESTION 5

Which of the following is NOT an example of physical security? A. Lock file cabinets B. Lock office doors C. Locked media storage cases D. Data encryption

ANSWER

D. Data encryption

QUESTION 6

What is a key to success for HIPAA compliance? A. Managerial expertise B. Education C. Organizational structure D. Apathy

ANSWER

B. Education

QUESTION 7

Which of the following are examples of health care plans? A. An HMO B. The Medicaid program C. Employer group health plans D. All of the above

ANSWER

D. All of the above

QUESTION 8

The Security Rule's requirements are organized into which of the following three categories: A. Administrative, Non-Administrative, and Technical safeguards B. Physical, Technical, and Non-Technical safeguards C. Administrative, Physical, and Technical safeguards D. Privacy, Security, and Electronic Transactions

ANSWER

C. Administrative, Physical, and Technical safeguards

QUESTION 9

Incidental Use and Disclosures refers to disclosures that are incidental to an otherwise permitted use or disclosure. A. True B. False

ANSWER

A. True

QUESTION 10

The acronym HIPAA stands for A. Health Insurance Premium Administration Act B. Health Information Portability and Accountability Act C. Health Insurance Portability and Accountability Act D. Health Information Profile Accountability Act

ANSWER

C. Health Insurance Portability and Accountability Act

QUESTION 11

What does PHI stand for? A. Private Health Information B. Privileged Health Information C. Protected Health Information D. Public Health Information

ANSWER

C. Protected Health Information

QUESTION 12

What is the purpose of Physical security safeguards? A. To provide security for physical facilities, computer systems, and associated equipment B. To prevent unauthorized access across a communications network C. To ensure security plans, policies, procedures, training, and contractual agreements exist D. To protect, control, and monitor individual access to electronically stored information

ANSWER

A. To provide security for physical facilities, computer systems, and associated equipment

QUESTION 13

Which of these entities could be considered a business associate? A. Billing service B. Lawyer C. Document and record storage company D. All of the above

ANSWER

D. All of the above

QUESTION 14

Under what circumstances can a covered entity disclose PHI without an authorization? A. To an employer B. To the media C. When required by law D. At their discretion

ANSWER

C. When required by law

QUESTION 15

The HIPAA regulations provide a federal floor for healthcare privacy and security standards and do NOT override more strict state laws which potentially requires providers to support two systems and follow the more stringent state law. A. True B. False

ANSWER

A. True

QUESTION 16

Which of the following statements is accurate regarding the "Minimum Necessary" rule in the HIPAA regulations? A. Covered entities and business associates are required to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended or specified purpose. B. Minimum necessary provisions do not apply to uses or disclosures of PHI to business associates under a Business Associate Contract. C. Minimum Necessary does not apply when PHI is used for marketing purposes D. The covered entity must rely on the requesting party to determine the minimum necessary information to be provided.

ANSWER

A. Covered entities and business associates are required to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended or specified purpose.

QUESTION 17

The purpose of Administrative Simplification is: A. Improve the efficiency and effectiveness of the national health care system B. Protect patient rights C. Reduce fraud and abuse D. All of the above

ANSWER

D. All of the above

QUESTION 18

An authorization is required for which of the following? A. Medical referrals B. Treatment, Payment, and Operations C. Non-routine disclosures D. Where required by law enforcement

ANSWER

C. Non-routine disclosures

QUESTION 19

Who must comply with the Security Rule? A. All covered entities and business associates B. Any person or organization that stores or transmits individually identifiable health information electronically C. Any government agency D. Any for profit organization

ANSWER

B. Any person or organization that stores or transmits individually identifiable health information electronically

QUESTION 20

Minimum Necessary Disclosure refers to disclosing only the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure. A. True B. False

ANSWER

A. True

QUESTION 21

Which of the following are NOT characteristics of an "authorization"? A. The authorization may condition future medical treatment on the individual's approval B. An authorization is written in broad terms C. An authorization is needed for all purposes including those for treatment, payment, and operations D. All of the above

ANSWER

D. All of the above

QUESTION 22

Which of the following is NOT an example of a health care provider? A. Physician B. HMO C. Dentist D. Chiropractor

ANSWER

B. HMO

QUESTION 23

Which of the following is a Technical Security? A. Passwords B. Training C. Locked media storage cases D. Designating a security officer

ANSWER

A. Passwords

QUESTION 24

The Privacy and Security rules specified by HIPAA are reasonable and scalable to account for the nature of each organization's culture, size, and resources. Each organization will determine its own privacy policies and security practices within the context of the HIPAA requirements and its own capabilities and needs. A. True B. False

ANSWER

A. True

QUESTION 25

The Security Rule allows covered entities and business associates to take into account: A. Their size, complexity, and capabilities B. Their technical infrastructure, hardware, and software security capabilities C. The costs of security measures D. The probability and criticality of potential risks to ePHI E. Their access to and use of ePHI F. All of the above

ANSWER

F. All of the above

QUESTION 26

De-Identification refers to ensuring that all of the individually identifiable information is identified and included in any HIPAA standard transaction. A. True B. False

ANSWER

B. False

QUESTION 27

Which of the following are EXEMPT from the HIPAA Security Rule? A. Large health plans B. Covered entities that do not create, receive, maintain or transmit ePHI C. Hospitals D. Business Associates

ANSWER

B. Covered entities that do not create, receive, maintain or transmit ePHI

QUESTION 28

Which standard is for safeguarding of PHI specifically in electronic form (ePHI)? A. Security Standards B. Transaction Standards C. Unique Identifiers and Code Sets D. Privacy Standards

ANSWER

A. Security Standards

QUESTION 29

All of the following are true about Business Associate Contracts EXCEPT: A. Both Covered Entities and Business Associates are required to ensure that a Business Associate Contract is in place in order to be compliant with the HIPAA regulations B. Business Associates are required to ensure that Business Associate Contracts are in place with any of the Business Associate's subcontractors C. Covered Entities are required to obtain "satisfactory assurances" (i.e., that their PHI will be protected as required by HIPAA law) from Business Associates D. Business Associates are NOT required to obtain "satisfactory assurances" (i.e., that their PHI will be protected as required by HIPAA law) from their subcontractors

ANSWER

D. Business Associates are NOT required to obtain "satisfactory assurances" (i.e., that their PHI will be protected as required by HIPAA law) from their subcontractors

QUESTION 30

Which standard is for controlling and safeguarding of PHI in all forms? A. Security Standards B. Transaction Standards C. Unique Identifiers and Code Sets D. Privacy Standards

ANSWER

D. Privacy Standards

QUESTION 31

Each of the following are ways that Texas HB 300 expands individual privacy protections beyond HIPAA EXCEPT: A. Expanding the definition of a covered entity B. Expands the definition of HIPAA Minimum Necessary Disclosure C. Expanding breach notification scope and penalties D. Expanding patient rights around Electronic Health Records E. Expanding training requirements F. Stronger enforcement/penalties to deter violations and breaches

ANSWER

B. Expands the definition of HIPAA Minimum Necessary Disclosure

QUESTION 32

A Business Associate Contract must specify the following? A. Each business associate to which the covered entity intends to disclose PHI B. That the business associate now has sole responsibility for the PHI C. That covered entities are not liable for the violations of the Privacy Rule by their business associates D. The PHI to be disclosed and the uses that may be made of that information

ANSWER

D. The PHI to be disclosed and the uses that may be made of that information

QUESTION 33

When should you promote HIPAA awareness? A. After the policies and procedures have been written B. After rollout and implementation C. The first step in the compliance process D. After the risk assessment

ANSWER

C. The first step in the compliance process

QUESTION 34

When does state privacy law supersede HIPAA? A. When state privacy law is less protective than HIPAA B. When state privacy law is more protective than HIPAA C. It is up to the discretion of the covered entity D. State privacy law never supersedes HIPAA

ANSWER

B. When state privacy law is more protective than HIPAA

QUESTION 35

The HIPAA Security Rule is a technology neutral, federally mandated "floor" of protection whose primary objective is to protect the confidentiality, integrity, and availability of individually identifiable health information in electronic form when it is stored, maintained, or transmitted. A. True B. False

ANSWER

A. True

QUESTION 36

Who enforces HIPAA? A. Surgeon General B. Department of Health and Human Services C. Department of Health Information Security D. Local Police Department

ANSWER

B. Department of Health and Human Services

QUESTION 37

Of the following, which are implications of non-compliance with HIPAA? A. Increased operation costs B. Financial penalties C. Litigation damages D. All of the above

ANSWER

D. All of the above

QUESTION 38

Which of these statements accurately reflects the definition of protected health information (PHI)? A. PHI does not include PHI in transit. B. PHI does not include a physician's hand written notes about the patient's treatment. C. PHI does not include data that is stored or processed. D. PHI includes PHI stored on any form of media.

ANSWER

D. PHI includes PHI stored on any form of media.
