MDH - Introduction to HIPAA

1. My responsibility under HIPAA includes:
- Handling PHI as if it were my own
- Disposing of scrap paper and other documents with PHI by shredding or confidential disposal
- Accessing PHI, only the minimum necessary, to do my job
- Discussing potential violations or any HIPAA concerns with my supervisor, manager or the designated HIPAA Privacy/Security Official
- All of the Above

2. Computer security is:
- Exclusively the responsibility of the user
- A combination of technical and user security measures and vigilance
- Is not covered by HIPAA regulations
- A purely technical function

3. How does OCR determine how to assess civil money penalties in HIPAA non-compliance matters:
- On a tiered system from unknowing to willful neglect.
- It depends on how much the patient is suing for.
- OCR doesn't assess civil money penalties for violators.
- The same penalties are assessed for all violations.

4. If an employee observes a PHI "privacy incident" that could result in a data breach, they are required to notify the Privacy Officer.
- False
- True

5. The primary federal law pertaining to medical information privacy is:
- American Recovery and Reinvestment Act (ARRA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- All of the above
- None of the above

6. Updated HIPAA law must be complied with by:
- Every American business regardless of industry
- Covered entities and business associates in healthcare
- All physicians but not registered nurses in hospitals and clinics
- All US citizens and residents above the age of 18

7. What kind of protected health information is covered by HIPAA:
- Electronic
- Spoken
- Paper
- All of the above

8. The "minimum necessary" rule refers to:
- A minimal quota of patients to serve by a clinic within a calendar month
- The understanding that healthcare employees must only look at a patient's PHI on an as-needed basis
- The minimum number of days that must pass between changing company computer passwords
- None of the above

9. Under HIPAA, it is permitted to access PHI out of curiosity:
- If you keep it to yourself
- Under no circumstances -- it is a HIPAA breach that could get you fired
- If you know the person very well
- If the person's family was asking about it

10. Which is a privacy breach:
- A team member fails to maintain confidentiality by discussing PHI on social media
- Lab results are sent to the wrong recipient
- A laptop or smartphone containing electronic PHI is lost or stolen – and the device is not encrypted
- A computer hacker gains access to files that contain PHI
- All of the above

11. Enter your FULL name.