MDH - Introduction to HIPAA

Question Title

* 1. My responsibility under HIPAA includes:

Handling PHI as if it were my own

Disposing of scrap paper and other documents with PHI by shredding or confidential disposal

Accessing PHI, only the minimum necessary, to do my job

Discussing potential violations or any HIPAA concerns with my supervisor, manager or the designated HIPAA Privacy/Security Official

All of the Above

Question Title

* 2. Computer security is:

Exclusively the responsibility of the user

A combination of technical and user security measures and vigilance

Is not covered by HIPAA regulations

A purely technical function

Question Title

* 3. How does OCR determine how to assess civil money penalties in HIPAA non-compliance matters:

On a tiered system from unknowing to willful neglect.

It depends on how much the patient is suing for.

OCR doesn't assess civil money penalties for violators.

The same penalties are assessed for all violations.

Question Title

* 4. If an employee observes a PHI "privacy incident" that could result in a data breach, they are required to notify the Privacy Officer.

False

True

Question Title

* 5. The primary federal law pertaining to medical information privacy is:

American Recovery and Reinvestment Act (ARRA)

Health Insurance Portability and Accountability Act (HIPAA)

Health Information Technology for Economic and Clinical Health Act (HITECH)

All of the above

None of the above

Question Title

* 6. Updated HIPAA law must be complied with by:

Every American business regardless of industry

Covered entities and business associates in healthcare

All physicians but not registered nurses in hospitals and clinics

All US citizens and residents above the age of 18

Question Title

* 7. What kind of protected health information is covered by HIPAA:

Electronic

Spoken

Paper

All of the above

Question Title

* 8. The "minimum necessary" rule refers to:

A minimal quota of patients to serve by a clinic within a calendar month

The understanding that healthcare employees must only look at patient's PHI on as-needed basis

The minimum number of days that must pass between changing company computer passwords

None of the above

Question Title

* 9. Under HIPAA, it is permitted to access PHI out of curiosity:

If you keep it to yourself

Under no circumstances -- it is a HIPAA breach that could get you fired

If you know the person very well

If the person's family was asking about it

Question Title

* 10. Which is a privacy breach:

A team member fails to maintain confidentiality by discussing PHI on social media

Lab results are sent to the wrong recipient

A laptop or Smartphone containing electronic PHI is lost or stolen – and the device is not encrypted

A computer hacker gains access to files that contain PHI

All of the above

MDH - Introduction to HIPAA

Question Title

* 1. My responsibility under HIPAA includes:

Question Title

* 2. Computer security is:

Question Title

* 3. How does OCR determine how to assess civil money penalties in HIPAA non-compliance matters:

Question Title

* 4. If an employee observes a PHI "privacy incident" that could result in a data breach, they are required to notify the Privacy Officer.

Question Title

* 5. The primary federal law pertaining to medical information privacy is:

Question Title

* 6. Updated HIPAA law must be complied with by:

Question Title

* 7. What kind of protected health information is covered by HIPAA:

Question Title

* 8. The "minimum necessary" rule refers to:

Question Title

* 9. Under HIPAA, it is permitted to access PHI out of curiosity:

Question Title

* 10. Which is a privacy breach:

Question Title

* 11. Enter your FULL name.