UNC HIPAA Training
25 community-sourced questions and answers.
If you find a USB drive, do not insert it into a University machine, even to identify the owner.
True
Once a person has died, how long does HIPAA protect the decedent's PHI?
50 years
The HIPAA Security Rule requires what type of safeguards for ePHI?
administrative, physical, and technical (all of the above)
A covered entity is required to enter into a business associate agreement with another health care provider before disclosing PHI for the treatment of an individual.
False
During a charity golf tournament, a University vice chancellor was injured and transported to a UNC clinic for treatment. The vice chancellor's medical record may be accessed or viewed only:
B and C
If you are at home or some other off-site location, any computers and mobile devices you use to connect to University networks or systems must meet the same minimum security standards that apply to your work computer.
True
Before treating a vice chancellor who was injured during a charity golf tournament, the UNC clinic providing treatment requested her complete medical records for review. The clinic's request must follow the Minimum Necessary standard for purposes of treating the vice chancellor.
False
To use or disclose PHI for research purposes, you must have:
Appropriate HIPAA documentation, including an authorization or waiver of authorization
All University Units are covered by HIPAA.
False
Which of the following are examples of best practices for safeguarding the privacy and security of PHI?
All the above
Which of the following best describes the University "workforce" for HIPAA purposes:
Faculty, permanent and temporary staff, students, volunteers, interns and other persons whose conduct in the performance of work for a Covered Component is under the direct control of the Covered Component
The University may be subject to fines and penalties if a University Covered Component does not timely and fully respond to patient requests to view and copy their healthcare records.
True
Which of the following are examples of appropriate safeguards for PHI?
Both A & B
You want to send a get-well card to a colleague's home address. Since you have access to medical records for your job, it is permissible to get the address from the medical records.
False
If your University-issued laptop is stolen from your home, you must report the incident to the Department of Public Safety and the IT Response Center at 919-962-HELP.
True
Individuals who violate the University's Privacy and Security policies will be held personally responsible and may be subject to:
All of the above
HIPAA provides that patients have a right to:
All of the above
Researcher Jack intended to send an email containing PHI to his colleague Researcher Bill, but inadvertently sent the email containing PHI to Researcher Jill. All three individuals are employed by UNC in a Covered Component. Jill had no legitimate work reason to receive the email. Upon receipt of the email, Jill notified Jack that she received the email in error, deleted the email from her inbox and from her "deleted items" folder. Jack resends the email to the intended recipient, Bill. Does Jack have to report the incident to the Institutional Privacy Office?
Yes, Jack must immediately report the incident to the Institutional Privacy Office because Jack sent an email containing PHI to an unintended recipient.
You are asked to prepare a presentation for a health care conference and you intend to use slides that show cells taken from patients' tissue cultures. These slides also contain the patients' medical record numbers, as well as the date the tissue cultures were obtained. What do you need to do?
Remove the patients' medical record numbers and the dates the tissues were taken from the slides
A researcher or healthcare provider is not entitled to use PHI in research without the appropriate documentation, including an individual patient authorization or an institutionally approved waiver of authorization.
True
To avoid becoming a victim of a phishing scam, which of the following are good practices?
Both A and B
A University Covered Component seeks to hire a vendor to perform a service on behalf of the University that involves access to, transmission of, or storage of PHI. What agreement is generally required by the HIPAA Rules to ensure that the vendor appropriately safeguards PHI?
Business Associate Agreement
Minimum Necessary means that you should only access, use, or disclose the amount of information that is truly needed to accomplish your intended purpose.
True
Certain identifiers indicate that PHI is present when associated with an individual's health care status. Which of the following are PHI identifiers?
Full face photographs or images
You receive an email that appears to be from UNC ITS and says "During our regular verification of user accounts, we couldn't verify you as a user in the UNC system. Please click here to update your information." You should:
All of the above