Question: Which is NOT an appropriate method of notification regarding a covered entity’s electronic disclosure policy?

Answer: Mailing a notice to the consumer in an unmarked envelope.

Question: True or False: Using a card reader or scanner to obtain PHI carries a more severe penalty under HB 300 than credit card fraud.

Answer: False

Question: A covered entity may disclose PHI without authorization to:

Answer: Another covered entity for purpose of treatment, payment, health care operations, an insurance or HMO function.

Question: To which entity must the Attorney General report the number and types of complaints reported?

Answer: The Texas State Legislature

Question: When are the privacy and security standards for the electronic sharing of protected health information due to the Texas Health and Human Services Commision?

Answer: January 1, 2013

Question: The penalty for NOT taking responsible action to disclose a security breach of sensitive personal information is:

Answer: Not more than $100/individual for each day of inaction

Question: What is the timeframe for providing a consumer with an electronic copy once a written request is recieved?

Answer: No later than the 15th day

Question: The cost for a covered entity selling PHI to another covered entity:

Answer: Cannot exceed the cost of preparing and transmitting the data.

Question: True or False: The commission must send all civil penalities to the federal government.

Answer: False

Question: Which of the following are training requirements under HB 300?

Answer: Cover both state and federal law regarding PHI