HIPAA Privacy and Security Quiz 1. Who may release information to

advertisement
Date:
HIPAA Privacy and Security Quiz
1. Who may release information to the media on behalf of the hospital?
A.
B.
C.
D.
E.
The Administrator/CEO
The Public Information Officer
The Nursing Supervisor/House Supervisor
The Charge Nurse of the Unit
A, B, and C but not D
2. Which of the following patients are automatically considered “No Information” patients, meaning the
hospital releases NO information on them to anyone?
A.
B.
C.
D.
Victims of abuse or rape
Persons being treated for drug/alcohol abuse
Persons treated for mental illness
All of the above
3. What must happen before a photo of a patient is taken?
A.
B.
C.
D.
The patient must give verbal consent.
The patient must given written consent
The patient doesn’t need to give his/her consent.
No photos of patients are ever allowed in the hospital.
4. If there has been a breach of PHI, you should:
A.
B.
C.
D.
Immediately notify the federal government and the media.
Immediately notify your supervisor and submit a patient safety form, a.k.a. a “blue form”
Immediately call the police.
Consider it a learning experience and just don’t let it happen again.
5. Your cousin is a patient at GMH. You are not involved in her treatment but you would like to know what
she is suffering from. What is the best way to find out this information?
A.
B.
C.
D.
Ask her physician for the information
Ask her directly
Look her up on the computer system
Ask staff in her ward for the information
6. The “minimum necessary” standard requires you to:
A. Include all treatment-related disclosures in accountings of disclosures
B. Refrain from accessing PHI during emergencies
C. Determine who needs what information and only provide the necessary amount and type
D. Document all conversations that include PHI
7. Protected Health Information is:
A. Information that is restricted from access by any employee
B. Information that cannot be shared with a patient due to its confidential nature
C. Information that defines a patient
8.
When can you disclose PHI?
A.
B.
C.
D.
For the treatment of a patient, if that is part of my job
For obtaining payment for services, if that is part of my job
When the patient has authorized, in writing, its release
All of the above.
9. If a patient decides to opt out of the hospital’s directory, or become a “no information” patient, which of the
following applies?
A. Registration staff cannot give out information about the patient but other staff may
B. Nobody at the organization can give out information about the patient, including the fact that the
patient is at the hospital in the first place
C. No family members or friends can visit the patient
D. None of the above.
10. Physical security includes which of the following?
A.
B.
C.
D.
Locking doors and desks
Keeping PHI out of view of those around you
Storing computer equipment safely
All of the above
11. Protected Health Information can be transmitted through:
A.
B.
C.
D.
Electronic communications
Written communications
Oral communications
All of the above
12. When discussing PHI, try to:
A.
B.
C.
D.
Lower your voice
Use non-generic terms
Move to a more private area
Both A and C
True or False: For each statement, circle True or False.
True
False
True
False
True
False
True
False
True
False
13. If there has been a breach of PHI, the hospital MUST notify the
affected victims.
14. Health care providers are restricted from consulting with other
providers about a patient’s condition without the patient’s written
authorization.
15. In addition to penalties enforced by the federal government, a person
who wrongfully discloses individually identifiable health information also
can face civil fines.
16. When I come home from work, I can discuss patient information only
with my immediate family members.
17. Monitoring systems can be used to determine if unauthorized persons
are trying to access ePHI.
True
False
True
True
False
False
18. Physical safeguards are all about the protection of computer systems
and the facility where ePHI (data) is stored such as physical access
controls, unique user IDs and passwords.
19. Email attachments are one way viruses infect computer networks.
20. Email documents that contain ePHI and web browser sessions
between patients and physicians must be protected by encryption.
Name:___________________________________
Department:_____________________________
Download