What Are The Three Primary Parts Of Hipaa

A pharmaceutical company asks for a list of all individuals in your practice, so they can send those individuals a free gift of a pill sorter. Is it permissible for you to provide the list?

For which of the following types of PHI does HIPAA require a signed authorization for use or disclosure?

Which of the following is most likely to be a business associate of a healthcare provider that is a Covered Entity?

Which of the following is one of the three primary parts of HIPAA?

What does HIPAA stand for?

Who should HIPAA complaints be directed to within the Covered Entity?

When must the provider distribute a HIPAA Notice of Privacy Practices (NPP)?

John, a pharmacist at the local drug store, is calling a customer, Beth, to ask her allergy questions before giving her a newly prescribed medication. There is a very long line at the pharmacy and many people are within earshot of John and Beth. If other customers hear about Beth's allergies and medical conditions over the course of their conversation, would John be in violation of HIPAA?

Linda's practice calls individuals to confirm appointments. Karen requests that the practice does not make these calls to her because she is afraid her husband will become abusive if he finds out she is seeking treatment. Karen says she will call the practice to confirm and asks to be taken off the call list. Does HIPAA require the practice comply with Karen's request?

True or False: An individual is allowed to request information of how their personal health information has been used.

Lucy is a psychotherapist who has recently begun accepting adolescent and young adult clients. She begins to see an 18-year-old male client for major depressive disorder, who is still living with his parents. After a few weeks, his parents demand to see a copy of Lucy's notes taken during their psychotherapy sessions. Under HIPAA, should Lucy provide a copy of her client's treatment record to the parents?

The first step toward security rule compliance is:

Which of the following actions would cause a healthcare provider to become a Covered Entity?

Which of the following is an exception to the definition of a "breach"?

Which of the following is considered PHI under HIPAA?

Mary had good reason to believe that a teenaged client of hers was abused by her uncle and Mary reported the suspected abuse to Child Protective Services. However, Mary was mistaken. The false report, although made in good faith and consistent with state law, seriously upset her client's uncle. Did Mary violate HIPAA?

True or False: HIPAA's Privacy and Security Rules dictate exactly how covered entities and business associates must dispose of records.

Under what circumstances would a provider need to ensure they are complying with the requirements of Title 42 CFR Part 2?

In January 2013, DHHS issued sweeping changes to HIPAA's privacy, security, and enforcement requirements. Because the changes modified several rules at once, these changes are collected referred to as what?

The Security Rule protects the following:

Under HIPAA, when notifying individuals that their protected health information has been breached, what information must be included?