HIPAA: The Basics
Volunteer Name
*
First Name
Last Name
Date
*
-
Month
-
Day
Year
Date
1. Which of the following is NOT a purpose of HIPAA?
*
It provides individuals with privacy rights for their protected health information.
It provides individuals with protections for their protected health information, including controls over how the information is used and disclosed.
It describes steps that must be taken to protect confidential electronic protected health information from unintended disclosure through security breaches.
It allows PHI to be unsecured at all times.
Your responses is
incorrect
. Please try again.
2. True or False: Your company can be fined up to $50,000 for violating HIPAA even when you disclosed PHI by mistake.
*
True
False
Your responses is
incorrect
. Please try again.
3. Mark is catching up on progress notes after his shift as a nurse at a long-term care community. He remembers a funny incident in which a patient forgot to put on his pants before he went to breakfast. Mark tells the other professionals about the incident who are also catching up on progress notes. Mark laughingly says“Mr. Jones’ dementia is really getting the best of him.”. Is Mark in violation of HIPAA?
*
Only if the information revealed exposes Mr. Jones to reputational harm
No, it is an acceptable disclosure because only other professionals were in the room
Yes, this information is protected by HIPAA
No, it is an acceptable disclosure because it was for the purposes of treatment
Your responses is
incorrect
. Please try again.
4. Under which circumstance can you disclose PHI?
*
If you know the person won’t mind
If it is for the purpose of treatment
If the person dies
If you no longer work for the company
Your responses is
incorrect
. Please try again.
5. Which of the following is NOT Protected Health Information?
*
The date of birth of a person who is being treated for diabetes
A statement about the number of individuals seen by the hospital for treatment of depression in 2014
The addresses of all of the individuals who saw Dr. Smith, a dentist, in the last year
The list of medical services paid for by an individual identified only by his social security number
Your responses is
incorrect
. Please try again.
6. Which of the following steps would NOT help to avoid a HIPAA violation?
*
Learn the company’s HIPAA P&Ps
Lock up all files containing PHI prior to leaving your office or desk area
Asking your friends to promise they won’t repeat anything you tell them about work
Refusing to discuss the treatment of a celebrity recently admitted to your facility
Your responses is
incorrect
. Please try again.
7. True or False: The Safe Harbor method of de-identifying health information requires that 18 types of identifiers of the individual and their relatives, employers, or household members that must be removed.
*
True
False
Your responses is
incorrect
. Please try again.
8. Tamara is behind on her work as an analyst and decides she needs to do some work at home tonight. She copies the files she has been working on (which contain PHI) to flash drive and drops the flash drive on her purse for later use. When Tamara gets home, the flash drive is missing. Is this a security breach?
*
No, Tamara doesn’t know who has the flash drive or whether the PHI was accessed, so it is not a security breach
Yes, it is a security breach. The data on the flash drive was not encrypted or otherwise protected and there is no way to undo the potential damage because the flash drive is lost
No, Tamara’s loss of the flash drive was accidental
No, Anyone who picked up the flash drive wouldn’t know what it is or how to use it
Your responses is
incorrect
. Please try again.
9. Raj has been reviewing copies of medical records of patients from his clinic to see if he can identify any opportunities for quality improvement. Company policy required Raj to shred documents containing PHI and to dispose of the shreds in locked bins for later disposal, but the door to the shredder room is locked and Raj is tired. He decides to throw the copies out in the garbage can without shredding – just this once. Has Raj violated HIPAA?
*
Yes, Raj did not follow the company’s HIPAA P&Ps about proper disposal of PHI. He could have locked them up for later “proper” disposal. So he has violated company policy and HIPAA.
No, Because Raj usually shreds PHI. Throwing PHI in the garbage on time is not a violation
No, The door to the shredder was locked so Raj couldn’t comply
Yes, Raj should have taken the documents home with him until he could shred them the next day
Your responses is
incorrect
. Please try again.
10. Which of the following is NOT and acceptable, permissible, purpose for disclosure of PHI without an authorization?
*
For entertainment purposes
For treatment purposes
For payment purposes
For healthcare operations
Your responses is
incorrect
. Please try again.
Score
Submit
Should be Empty: