Date:

HIPAA Privacy and Security Quiz

1. Who may release information to the media on behalf of the hospital?
   A. The Administrator/CEO
   B. The Public Information Officer
   C. The Nursing Supervisor/House Supervisor
   D. The Charge Nurse of the Unit
   E. A, B, and C but not D

2. Which of the following patients are automatically considered “No Information” patients, meaning the hospital releases NO information on them to anyone?
   A. Victims of abuse or rape
   B. Persons being treated for drug/alcohol abuse
   C. Persons treated for mental illness
   D. All of the above

3. What must happen before a photo of a patient is taken?
   A. The patient must give verbal consent.
   B. The patient must give written consent
   C. The patient doesn’t need to give his/her consent.
   D. No photos of patients are ever allowed in the hospital.

4. If there has been a breach of PHI, you should:
   A. Immediately notify the federal government and the media.
   B. Immediately notify your supervisor and submit a patient safety form, a.k.a. a “blue form”
   C. Immediately call the police.
   D. Consider it a learning experience and just don’t let it happen again.

5. Your cousin is a patient at GMH. You are not involved in her treatment but you would like to know what she is suffering from. What is the best way to find out this information?
   A. Ask her physician for the information
   B. Ask her directly
   C. Look her up on the computer system
   D. Ask staff in her ward for the information

6. The “minimum necessary” standard requires you to:
   A. Include all treatment-related disclosures in accountings of disclosures
   B. Refrain from accessing PHI during emergencies
   C. Determine who needs what information and only provide the necessary amount and type
   D. Document all conversations that include PHI

7. Protected Health Information is:
   A. Information that is restricted from access by any employee
   B. Information that cannot be shared with a patient due to its confidential nature
   C. Information that defines a patient

8. When can you disclose PHI?
   A. For the treatment of a patient, if that is part of my job
   B. For obtaining payment for services, if that is part of my job
   C. When the patient has authorized, in writing, its release
   D. All of the above.

9. If a patient decides to opt out of the hospital’s directory, or become a “no information” patient, which of the following applies?
   A. Registration staff cannot give out information about the patient but other staff may
   B. Nobody at the organization can give out information about the patient, including the fact that the patient is at the hospital in the first place
   C. No family members or friends can visit the patient
   D. None of the above.

10. Physical security includes which of the following?
   A. Locking doors and desks
   B. Keeping PHI out of view of those around you
   C. Storing computer equipment safely
   D. All of the above

11. Protected Health Information can be transmitted through:
   A. Electronic communications
   B. Written communications
   C. Oral communications
   D. All of the above

12. When discussing PHI, try to:
   A. Lower your voice
   B. Use non-generic terms
   C. Move to a more private area
   D. Both A and C

True or False: For each statement, circle True or False.

True  False   13. If there has been a breach of PHI, the hospital MUST notify the affected victims.
True  False   14. Health care providers are restricted from consulting with other providers about a patient’s condition without the patient’s written authorization.
True  False   15. In addition to penalties enforced by the federal government, a person who wrongfully discloses individually identifiable health information also can face civil fines.
True  False   16. When I come home from work, I can discuss patient information only with my immediate family members.
True  False   17. Monitoring systems can be used to determine if unauthorized persons are trying to access ePHI.
True  False   18. Physical safeguards are all about the protection of computer systems and the facility where ePHI (data) is stored such as physical access controls, unique user IDs and passwords.
True  False   19. Email attachments are one way viruses infect computer networks.
True  False   20. Email documents that contain ePHI and web browser sessions between patients and physicians must be protected by encryption.

Name:___________________________________
Department:_____________________________