Uploaded by Christie Jacobs

Student workbook 2, chapter 11

advertisement
Student Workbook 2
HIM 170 CHAPTER 11
Wulf Plimpton, Julie
DSU | MADISON, SD
HIM 170 Chapter 11
1. Sally Mitchell was treated for kidney stones at Graham Hospital last year. She now wishes to
review her medical record in person. She has requested to review them by herself in a closed
room. Which of the following is true?
A. Failure to accommodate her wishes will be a violation of the HIPAA Privacy Rule
B. Sally owns the information in her record, so she must be granted her request.
C. Sally’s request does not have to be granted because the hospital is responsible for
the integrity of the medical record
D. Patients should never be given access to their actual medical records
2. If Sheri requests a copy of her health record from a provider, per HIPAA the provider
__________.
A. May not charge her for the copy
B. May charge for the cost of copying
C. May not charge for the cost of supplies and labor
D. May charge any amount that it wishes
3. General Hospital has denied Crystal’s request to access her medical record. The denial is not
subject to appeal. Which of the following is the most likely reason for the denial?
A. Access to the PHI would likely endanger Crystal’s life or physical safety
B. Access to the PHI would likely endanger the life or safety of someone else
C. Substantial harm would be caused to someone mentioned in the PHI
D. The PHI contains psychotherapy notes
4. Barbara requested a copy of her PHI from her physician office on August 31. It is now
October 10 and she has not heard anything from the physician office. Which of the following
statements is correct?
A. This is not a HIPAA violation because the physician’s office has 60 days to respond
B. This is not a HIPAA violation because Barbara does not have a right to her information
C. This is a HIPAA violation because the physician’s office did not respond within 30
days
D. This is a HIPAA violation because the physician’s office should have responded within
15 days.
5. A waived authorization in a research study __________.
A. Can be deemed appropriate by the research team
B. Is never permitted per HIPAA research regulations
C. Is only permitted when the research subject verbally agrees to the waiver
D. Can be approved by an Institutional Review Board or Privacy Board
6. Emma is getting ready to begin kindergarten. Her school is requesting her immunization
records as required by state law. Per HIPAA, Emma’s pediatrician may
A. Not disclose this PHI without the authorization of Emma’ parent.
B. Disclose this information because it is not PHI.
C. Disclose this PHI with verbal permission from Emma’s parent
D. Not disclose this PHI because it is an exception to the public health activity
authorization exception
7. Charlie went to the HIM department at Langford Hospital to request an amendment to his
PHI. The HIM staff required that he make the request in writing. He said this violated his HIPAA
rights. Who is correct?
A. Charlie, because the Privacy Rule requires amendment requests to be oral
B. The HIM department, because the Privacy Rule requires amendment requests to be in
writing
C. Charlie, because the Privacy Rule requires immediate responses to all amendment
requests
D. The HIM department, because the Privacy Rule allows covered entities to require
amendment requests be made in writing
8. Which of the following is not required when a covered entity issues a denial of a requested
amendment?
A. A preprinted form on which the individual may dispute the denial
B. A description of how the individual may complain to the covered entity
C. The basis for the denial
D. A statement that the individual may submit a written disagreement
9. Terry has requested that all written communications from his cardiologist’s office be sent to
his work address instead of his home address. The cardiology practice __________.
A. Must honor this confidential communication request if it is deemed reasonable
B. Is not required to honor any confidential communication requests of this nature
C. Is not required to honor this restriction request
D. Must honor this restriction request as long as it is submitted in writing
10. Per HIPAA, research must be approved by __________.
A. An Institutional Review Board
B. A Privacy Board
C. Either a or b
D. Neither a nor b
Discussion Question (10 Points)
As the privacy officer for a covered entity, you are aware that protected health information has been
accessed by an unauthorized individual. What type of analysis will you conduct to determine whether it
constitutes a “breach” under HIPAA? Consider how HITECH defines a breach, and how will exceptions
play into this scenario? Defend your responses.
Start by running a risk analysis to find out what areas of the system they accessed. Then
determine what areas of the system they accessed and which ePHI records if any they could
access and what did they do while they had access to the system. Under HITECH the
definition of a breach is an “unauthorized acquisition”, use of disclosure of PHI which
compromises the security or privacy of such information. This would be considered a
breach under HITECH because it is an unauthorized access.
Download