HIPAA Quiz
1. HIPAA stands for:
A. Health Information Privacy Administration Act
B. Health Information Portability and Accountability Act
C. Health Insurance Portability and Accountability Act
D. Health Insurance Privacy and Administration Act
2. PHI stands for Protected Health Information
A. True
B. False
3. What kind of PHI does the HIPAA privacy rule protect?
A. Paper
B. Electronic
C. Spoken
D. None of the above
E. All of the above
4. Which of the following entities are NOT covered under HIPAA?
A. Healthcare Provider
B. Schools
C. Health Plans
D. Social Workers
5. ePHI (Electronic Protected Health Information) includes:
A. Emails
B. Faxes
C. Texting
D. Social Media
E. All of the above
F. A, C and D
6. The goal of HITECH is to promote the adoption and meaningful use of health information technology that expands the HIPAA Privacy Rule and security standards as they relate to the security of PHI.
A. True
B. False
7. You receive an unfamiliar type of email in your inbox. What should you do?
A. Mark the email as junk and then empty your junk folder
B. Open it to see if it's from someone you might know and then mark it as junk
C. Mark it as junk
D. Open it to see if it's from someone you might know and then delete it
8. Ensuring employees and contractors are HIPAA compliant is only the responsibility of the compliance officer and practice owner.
A. True
B. False
9. A signed authorization of release of information is valid for an indefinite amount of time.
A. True
B. False
10. Heather has been working with a family for the last 2 years and the family maintains a Facebook page to keep friends and family updated on their child’s progress towards speech goals. One day, the family posted about their child regressing in his communication and mentioned the rapid loss of words. As the family’s therapist, Heather wanted to provide support, so she posted, “I’m so sorry to hear there’s been a regression in speech. At our next visit we can talk about your observations and discuss possible reasons for the regression. I will see you next Wednesday.” The site automatically listed the user’s name with each comment. The next day, Heather was shopping at the local grocery store when a friend stopped her to ask about the family and the child’s condition. “I saw your post yesterday. I didn’t know you were working with this family and that the child was receiving speech therapy,” the friend said. “I hope you’re able to help them. They are such a great family.” What’s wrong with this scenario?
A. Confidentiality has been breached because information has been inadvertently disclosed about the family and child
B. Everyone who reads the family’s post now knows the child receives speech therapy, is showing regression, and the child’s appointment information, breaching privacy and confidentiality
C. Nothing is wrong since the family accepted your friend request and already disclosed information about the child’s condition on their Facebook page
D. Both A and B
E. All of the above
11. If you send PHI to a receiver in error, you must notify the receiver and tell them to destroy the information.
A. True
B. False
12. You post a picture/video on Facebook of a child you’re treating to demonstrate a great activity parents can do to address sensory sensitivities and tag your most inspiring parent with his or her verbal permission. Is this a problem?
A. No, the parent provided verbal permission to post the photo
B. No, you post pictures with children you treat all the time
C. Yes, there's a problem. You should always get written permission from parents before posting any patient photos or other media online
D. No, if you remove the tag
E. No, if the parent is not on Facebook
13. How many personal identifiers exist under HIPAA?
A. 18
B. 5
C. 16
D. 3
E. What's a personal identifier?
14. When is parent authorization NOT required to disclose PHI?
A. Reporting information to law enforcement
B. Reporting child abuse/neglect to a social service department of a local government
C. Disclosure is made for purposes of treatment to doctors or other healthcare providers
D. All of the above
E. None of the above
15. A parent initiates an email to a therapist using an unencrypted email client with PHI in it and requests a reply. What’s the BEST way for you to handle this situation?
A. The provider can assume that unencrypted email communications are acceptable to the parent
B. If the provider feels the parent may not be aware of the possible risks of using unencrypted e-mail the provider can alert the parent of those risks, and let them decide whether to continue e-mail communications.
C. Send a text to the parent instead
D. Call the parent to provide a response
E. None of the above
16. You receive a fax from a referring provider. The administrative staff has stepped away from their desk. What do you do?
A. Ignore it. The front office team will handle it when they return
B. Flip the paper face down so no PHI is showing
C. Ask out loud if anyone knows anything about the patient and what you should do with the paperwork
D. See if the fax is for you. Then flip it over so the PHI is face down
17. You have multiple home visits today and you have your laptop with you. You decide to:
A. Leave it in your car - covered with a blanket
B. Lock it in the trunk
C. Leave it on the seat. You're only going to be gone for a minute
D. Leave it in the car until you go to work tomorrow
18. A colleague writes down a child’s name, assessment information, and a diagnosis on a Post-it note, then throws it in the recycling bin. What should you do?
A. Say nothing. It's none of your business if your colleague is being inefficient
B. Take it out of the recycling bin when your colleague isn't looking and throw it into the locked shred bin or shredder
C. Report the incident to management and ensure the document is properly shredded
D. Talk to your colleague about the importance of protecting PHI and suggest a secure way to store PHI information
E. Both C and D
19. Employees and/or Contractors who violate HIPAA privacy law could receive which corrective action?
A. A verbal and/or written warning
B. A 1-3 day suspension
C. Termination of employment
D. All of the above
E. Both A and B
20. When leaving a voice message for a parent you should...
A. Leave as much information as possible so the parent understands what the call is regarding before calling back
B. Follow the minimum necessary rule and leave the least amount of information needed to accomplish the purpose of the call
C. Not leave a message and instead call back at another time when the parent will be home
D. None of the above
21. The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured PHI.
A. True
B. False
22. What must occur if there's a breach of unsecured PHI?
A. Notify the compliance officer and/or your immediate supervisor
B. Notify affected individuals in written form
C. Both A and B
D. None of the above
23. When using parent testimonials for marketing and/or promotional purposes you must do all of the following EXCEPT:
A. Have the parent sign the Client Testimony Consent Form
B. Have the parent do a video testimonial because potential families respond better to this type of marketing
C. Disclose if the testimonial is not reflective of the typical experience for most children treated at PPTS
D. Inform parent of their rights
24. Once a parent provides consent for using their testimonial, it cannot be revoked.
A. True
B. False
25. How can we as a practice ensure success with HIPAA compliance?
A. Conduct a risk assessment
B. Ensure book of evidence is in place, updated and assessable
C. Conduct annual compliance training
D. All of the above