PHI HIPAA Education Breach Access
100
True or False: HIPAA only applies to living individuals
False, HIPAA also applies to deceased individuals for 50 years after death
100
What does HIPAA stand for?
Health Information Portability and Accountability Act
100
Who is required to have HIPAA compliance training?
each individual that handles PHI
100
Define Breach
An impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the PHI
100
When should PHI be accessed?
Only when it is needed to do your job
200
List 3 examples of PHI
A person's name, DOB, physical address, phone numbers, email address, social security number, etc.
200
Who enforces the HIPAA Privacy rules?
The US Department of Health and Human Services through the Office of Civil Rights
200
Where can employees report any HIPAA concerns?
Via fax, mail, or email to the Office for Civil Rights
200
What is considered a breach of HIPAA?
Staff who are not authorized to view PHI, failure to manage risks, theft of patient information from the records, sharing PHI online
200
True or False: There are reasons to access PHI without consent
True, medical care providers may release information to other providers or entities that are participating in the patient's care
300
What is required before releasing any PHI?
A signed release of information
300
What is an example of incidental disclosure?
Overhearing a provider/MA conversation about another patient
300
True or False: Is HIPAA training required for any new employees that will be working with PHI but have prior knowledge of HIPAA?
True
300
True or False: There are exceptions to the breach notification requirements?
True
300
What is the right of patients to their PHI?
They have the right to inspect or get a copy of their own PHI
400
What is the privacy rule for PHI?
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
400
What businesses must comply with HIPAA?
Any healthcare entity that electronically processes, stores, transmits, or receives medical records, claims or remittances
400
True or False: In the event of a conflict between HIPAA and state law, state law preempts HIPAA unless HIPAA is stricter
False
400
What is the difference between a violation and breach?
HIPAA violations can be the cause of breaches; only HIPAA breaches are reportable events
400
True or False: Family members can access other family members' PHI
True, only with medical power of attorney
500
What is PHI under HIPAA?
Appointment inquiries, employee and education records, wearable devices, health and fitness apps
500
What are the penalties for HIPAA non-compliance?
Fines can be up to $250,000 for violations or imprisonment up to 10 years for knowing abuse or misuse of individual health information.
500
True or False: According to the Security Rule, it is never permissible to use the internet to transmit PHI
False
500
What is the minimum and maximum penalty for jail time?
1 to 10 years
500
Can a person look up their own medical records in an EHR system that they have access to?
No, you can request copies but cannot look up your own information on an EHR




HIPAA
